A vulnerabity was found in WebsiteBaker version 2.8.3 SP5.
The problem was existing in earlier versions too, so action is required.
Not all webmasters and webdesigners are happy with upgrading their installations to the SP6 (RC3) version, so we like to provide you with some patchfiles that will help you in fixing the vulnerabity without performing a full upgrade.
Download the patch file for your WB version and unzip it to your local harddrive.
Upload the files using FTP in their structure to your WB installation.
The patched files are: /admin/preferences/save.php
Patch for WB 2.8.3 SP3 - download
Patch for WB 2.8.3 SP4 - download
Patch for WB 2.8.3 SP5 - download
The patches above were inclomplete! At this time the best advise is to upgrade to SP6 or SP7!
Please consult the WB forum for more information about the vulnerability.
WebsiteBaker does not have any intrusion detection on the admin pages, so any brute-force attack can go on for a long time without you knowing about it.
There is a solution.
Upgrading WB to the latest version is always a good idea.. but..
Unfortuntly there are some default settings enabled that could break your website after upgrading from an older revision.