A security vulnerability in the backup module in WebsiteBaker Core CMS has been found.
Through the security vulnerability, everybody can use the backup module from anywhere and download the backup directly on every PC the “exploiter” likes without any noticing by you.

(Ads)

Affected systems

• WebsiteBaker version: 2.7, 2.8.0, 2.8.1 (until SVN revision number 1308).

Vulnerability Impact

• An exploit was being published on "known exploit sites".
• With this exploit everybody can download the whole database, crack the password and overtake the WebsiteBaker installation.

Maximum Severity Rating

• Highest (for systems matching all of the conditions under the Affected Systems section).

Instructions how to patch

• There is no supported patch available yet. Deinstall the backup module immediately.
• Change all passwords in WebsiteBaker installations that are affected, and inform all users.

Details refer to WebsiteBaker announcement for more details.

Related posts:

1. WebsiteBaker CMS, New Safe Backup Module Available
2. e107 Security Update 0.7.20 Released
3. eFront Released v3.5.5 Patch To Fix Security Issue
4. CMS Made Simple 1.7 (Cape Verde) Released
5. Myfaces Core 2.0.0 Released

Tags: Content Management System CMS, WebsiteBaker