CVE-2020-25990
Published 2020-10-01
Priority P262 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 1.67% (73.8th percentile)
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| websitebaker | websitebaker | — | — |
Detection & IOCs (extracted from sources)
Command: `display_name=Administrator" AND (SELECT 9637 FROM (SELECT(SLEEP(5)))ExGN)-- Cspz&language=EN&timezone=system_default&date_format=M d Y&time_format=g:i A&[email protected]&new_password_1=&new_password_2=&current_password=&submit=Save&dd114892c1676ce3=j_5rdRnI_TarPQu7QmVVuw`
- Monitor POST requests to /websitebaker/admin/preferences/save.php for SQL injection patterns in the 'display_name' parameter, particularly time-based blind payloads containing SLEEP() or boolean-based SELECT subqueries.
- Detect the specific time-based blind SQLi payload pattern: double-quote followed by `AND (SELECT <int> FROM (SELECT(SLEEP(<n>)))<alias>)--` in the display_name POST parameter.
- The exploit requires authentication; look for the WebsiteBaker session cookie pattern 'wb-<port>-sid' accompanying suspicious POST requests to the preferences save endpoint.
- SQLmap exploitation of this CVE uses --risk=3 --level=5 against the saved Burp request; alert on SQLmap User-Agent strings (--random-agent may mask this) combined with POST traffic to the vulnerable path.
- The exploit is authenticated; an attacker must already possess valid WebsiteBaker admin credentials before the SQL injection in 'display_name' can be triggered.
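The detection bullets above, combined into one check over logged requests. This is an added example, not code from the page or from WebsiteBaker; the dict record layout, the finding names, and the sample User-Agent and cookie values are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

VULN_PATH = "/websitebaker/admin/preferences/save.php"  # path named on this page

# Shape from the bullet above: " AND (SELECT <int> FROM (SELECT(SLEEP(<n>)))<alias>)--
TIME_BLIND = re.compile(
    r'"\s*AND\s*\(\s*SELECT\s+\d+\s+FROM\s*\(\s*SELECT\s*\(\s*SLEEP\s*\(\s*\d+'
    r'\s*\)\s*\)\s*\)\s*\w*\s*\)\s*--', re.IGNORECASE)
SLEEP_CALL = re.compile(r"\bSLEEP\s*\(", re.IGNORECASE)
SUBQUERY = re.compile(r"\(\s*SELECT\b", re.IGNORECASE)
SESSION_COOKIE = re.compile(r"\bwb-\d+-sid=")  # 'wb-<port>-sid' session cookie


def inspect_request(req):
    """Return finding names for one logged request (dict layout is an assumption)."""
    if req.get("method") != "POST" or req.get("path", "").split("?", 1)[0] != VULN_PATH:
        return []
    findings = []
    # parse_qs percent-decodes, so encoded and raw payloads are matched alike.
    fields = parse_qs(req.get("body", ""), keep_blank_values=True)
    for value in fields.get("display_name", []):
        if TIME_BLIND.search(value):
            findings.append("time_based_blind")
        elif SLEEP_CALL.search(value) or SUBQUERY.search(value):
            findings.append("sql_keywords")
    if findings:  # add context only when display_name itself looks suspicious
        if "sqlmap" in req.get("user_agent", "").lower():
            findings.append("sqlmap_user_agent")
        if SESSION_COOKIE.search(req.get("cookie", "")):
            findings.append("authenticated_session")
    return findings


# Constructed sample records; the first body reuses the payload quoted on this page.
COOKIE = "wb-8081-sid=constructed"
SAMPLES = [
    {"method": "POST", "path": VULN_PATH, "user_agent": "sqlmap/constructed", "cookie": COOKIE,
     "body": 'display_name=Administrator" AND (SELECT 9637 FROM (SELECT(SLEEP(5)))ExGN)-- Cspz&language=EN'},
    {"method": "POST", "path": VULN_PATH, "user_agent": "Mozilla/5.0", "cookie": COOKIE,
     "body": "display_name=Administrator%22+and+(select+1+from+(select(sleep(3)))a)--+x&language=EN"},
    {"method": "POST", "path": VULN_PATH, "user_agent": "Mozilla/5.0", "cookie": COOKIE,
     "body": "display_name=Jane+Doe&language=EN"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(sample), sample["body"][:60])
```

Because `--random-agent` can hide the sqlmap User-Agent, the `display_name` match is the primary signal and the User-Agent and cookie findings are only added as context.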
CVSS provenance
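| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |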
No detection rules found.
No writeups or analysis indexed.