CVE-2021-47788

HIGH

Websitebaker - Unrestricted File Upload

Title source: rule

Description

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.

Exploits (1)

exploitdb WORKING POC

by Halit AKAYDIN · pythonwebappsphp

https://www.exploit-db.com/exploits/50310

View Code ZIP pw:eip

References (3)

[Product] https://websitebaker.org/

[Exploit, VDB Entry] https://www.exploit-db.com/exploits/50310

[Third Party Advisory] https://www.vulncheck.com/advisories/websitebaker-remote-code-execution-rce-authenticated

Scores

CVSS v3 8.8

EPSS 0.0013

EPSS Percentile 31.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

websitebaker/websitebaker 2.13.0

Published Jan 16, 2026

Tracked Since Feb 18, 2026