CVE-2021-47788 | THREATINT

Description

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-15 | Updated 2026-01-16 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

2.13.0

affected

Credits

Halit AKAYDIN (hLtAkydn) finder

References

www.exploit-db.com/exploits/50310 exploit

www.exploit-db.com/exploits/50310 (ExploitDB-50310) exploit

websitebaker.org/ (WebsiteBaker Official Homepage) product

www.vulncheck.com/...remote-code-execution-rce-authenticated (VulnCheck Advisory: WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)) third-party-advisory

cve.org (CVE-2021-47788)

nvd.nist.gov (CVE-2021-47788)

Download JSON