Baseline CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Page.asp script not properly sanitizing user-supplied input to the 'SiteNodeID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
r0t is credited with the discovery of this vulnerability.
Baseline CMS Baseline CMS 1.95
Baseline CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, steal cookie-based authentication credentials, and launch other attacks.