CVE-2021-47788

WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)

CVSS 8.7 HIGHEPSS 0.9%CWE-434

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Websitebaker · WebsiteBaker

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://websitebaker.org/https://www.exploit-db.com/exploits/50310 https://www.vulncheck.com/advisories/websitebaker-remote-code-execution-rce-authenticated