CVE-2021-47788

HIGH

WebsiteBaker 2.13.0 - Authenticated Remote Code Execution via Language Installation Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47788. PoCs published by Halit AKAYDIN.

AI-analyzed exploit summary This exploit targets WebsiteBaker 2.13.0, leveraging an authenticated RCE vulnerability via language installation functionality. It bypasses security measures and executes arbitrary code by manipulating language pack installation.

Description

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.

Exploits (1)

exploitdb WORKING POC
by Halit AKAYDIN · pythonwebappsphp
https://www.exploit-db.com/exploits/50310

This exploit targets WebsiteBaker 2.13.0, leveraging an authenticated RCE vulnerability via language installation functionality. It bypasses security measures and executes arbitrary code by manipulating language pack installation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebsiteBaker 2.13.0
Auth required
Prerequisites: Valid admin credentials · Language editing permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, VDB Entry exploit
https://www.exploit-db.com/exploits/50310
Product product
https://websitebaker.org/

Scores

CVSS v3 8.8
EPSS 0.0087
EPSS Percentile 54.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
websitebaker/websitebaker 2.13.0
Published Jan 16, 2026
Tracked Since Feb 18, 2026