cbcvebase.
CVE-2020-25990
published 2020-10-01

CVE-2020-25990: WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.67%
73.8th percentile
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected

1 ranges
VendorProductVersion rangeFixed in
websitebakerwebsitebaker

Detection & IOCsextracted from sources · hover to see the quote

path/websitebaker/admin/preferences/save.php
commanddisplay_name=Administrator" AND (SELECT 9637 FROM (SELECT(SLEEP(5)))ExGN)-- Cspz&language=EN&timezone=system_default&date_format=M d Y&time_format=g:i A&[email protected]&new_password_1=&new_password_2=&current_password=&submit=Save&dd114892c1676ce3=j_5rdRnI_TarPQu7QmVVuw
  • Monitor POST requests to /websitebaker/admin/preferences/save.php for SQL injection patterns in the 'display_name' parameter, particularly time-based blind payloads containing SLEEP() or boolean-based SELECT subqueries.
  • Detect the specific time-based blind SQLi payload pattern: double-quote followed by AND (SELECT <int> FROM (SELECT(SLEEP(<n>)))<alias>)-- in the display_name POST parameter.
  • The exploit requires authentication; look for the WebsiteBaker session cookie pattern 'wb-<port>-sid' accompanying suspicious POST requests to the preferences save endpoint.
  • SQLmap exploitation of this CVE uses --risk=3 --level=5 against the saved Burp request; alert on SQLmap User-Agent strings (--random-agent may mask this) combined with POST traffic to the vulnerable path.
  • ·The exploit is authenticated — an attacker must already possess valid WebsiteBaker admin credentials before the SQL injection in 'display_name' can be triggered.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.