CVE-2021-47788
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| websitebaker | websitebaker | 2.13.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47788 is an authenticated remote code execution vulnerability in WebsiteBaker version 2.13.0. It allows users who have language editing permissions to execute arbitrary code on the server by exploiting the language installation endpoint. Attackers manipulate language installation parameters to upload and execute malicious code, such as a web shell, on the server. This vulnerability arises from unrestricted upload of dangerous file types during language installation. [1, 2]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized remote code execution on the server hosting WebsiteBaker. An attacker with language editing permissions can upload malicious files and execute arbitrary system commands, potentially leading to full server compromise, data theft, service disruption, or further attacks within the network. Since it requires authenticated access, it acts as a privilege escalation vector within the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if WebsiteBaker version 2.13.0 is in use and if users have language editing permissions. One can check for suspicious POST requests to the language installation endpoint (/admin/languages/install.php) that upload files, especially PHP files disguised as language files. Additionally, monitoring for access to uploaded language files (e.g., /languages/TR.php) with command parameters (cmd) can indicate exploitation. Since the exploit involves authenticated access, reviewing logs for unusual login activity followed by language installation requests is useful. There is no specific command provided, but network monitoring tools can be used to filter HTTP POST requests to the language install endpoint and check for multipart/form-data uploads. Also, checking the presence of unexpected PHP files in the /languages/ directory on the server can help detect compromise. [2]
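The log checks described above, as an added example (not code from BaseFortify or the WebsiteBaker project): it scans web-server access-log lines for POSTs to the install endpoint and for requests to files under /languages/ that carry a cmd parameter or come from a client that has just used the installer. The combined log format, the name `find_suspicious` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths come from the advisory text; the combined log format is an assumption.
INSTALL_PATH = "/admin/languages/install.php"
LANG_FILE = re.compile(r"^/languages/[^/]+\.php$", re.IGNORECASE)
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} '
)

def find_suspicious(lines):
    """Return (line_no, client_ip, reason) findings for one access log."""
    findings = []
    installers = set()  # clients that have POSTed to the install endpoint
    for no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, url = m["ip"], urlsplit(m["target"])
        if m["method"] == "POST" and url.path == INSTALL_PATH:
            installers.add(ip)
            findings.append((no, ip, "language install POST"))
        elif LANG_FILE.match(url.path):
            if "cmd" in parse_qs(url.query, keep_blank_values=True):
                findings.append((no, ip, "language file requested with cmd parameter"))
            elif ip in installers:
                findings.append((no, ip, "language file requested after install POST"))
    return findings

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Jan/2026:10:01:02 +0000] "GET / HTTP/1.1" 200 2048',
    '198.51.100.7 - - [16/Jan/2026:10:01:09 +0000] "POST /admin/languages/install.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jan/2026:10:01:15 +0000] "GET /languages/TR.php?cmd=EXAMPLE HTTP/1.1" 200 64',
    '198.51.100.7 - - [16/Jan/2026:10:01:20 +0000] "GET /languages/TR.php HTTP/1.1" 200 0',
    '203.0.113.20 - - [16/Jan/2026:10:02:05 +0000] "GET /languages/EN.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for no, ip, reason in find_suspicious(SAMPLE_LOG):
        print(f"line {no}: {ip}: {reason}")
```

Each finding is a lead for review against the list of accounts that hold language editing permissions, not proof of compromise on its own.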
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting language editing permissions to trusted users only, as the vulnerability requires such privileges. Disable or restrict access to the language installation endpoint (/admin/languages/install.php) if not needed. Apply access controls and monitor for suspicious activity related to language file uploads. If possible, update WebsiteBaker to a version where this vulnerability is fixed or apply any available patches. Additionally, review and remove any unauthorized language files (e.g., TR.php) that may have been uploaded. Implement network-level protections such as web application firewalls to block malicious requests targeting the language installation functionality. [1, 2]