SQL injection vulnerabilities [reported by Marek Alaksa from citadelo]
WebsiteBaker 2.10.0 and lower versions are vulnerable to SQL injection vulnerabilities.
It is possible for an unauthenticated user to inject SQL code into the variables "username" and
"display_name" in the "account/signup.php" PHP script (signup form). The vulnerability exists due to
insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all
records stored in the database with the privileges of the WebsiteBaker database user (e.g. administrator
password MD5 hash).