WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated) | Advisories

Advisories

WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)

severity: high
date: January 15, 2026
Affecting: WebsiteBaker 2.13.0
CVE: CVE-2021-47788
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-50310
WebsiteBaker Official Homepage
Credit: Halit AKAYDIN (hLtAkydn)
Description: WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.