WebsiteBaker
cpe:2.3:a:websitebaker:websitebaker:*:*:*:*:*:*:*
- 2.13.0
A remote code execution vulnerability has been identified in WebsiteBaker version 2.13.0. This issue allows authenticated users with language editing permissions to execute arbitrary code on the server. The vulnerability arises from a misconfiguration in the language installation endpoint, where attackers can manipulate installation parameters to achieve code execution.
Exploitation of this vulnerability allows for authenticated remote code execution on the server.
To reproduce this vulnerability, log into the WebsiteBaker admin panel with a user account that has language editing permissions. Navigate to the languages installation page. Once there, upload a PHP file containing malicious code through the language installation form. After the file is uploaded, it can be executed by accessing it via the web server, appending the appropriate command parameters to the request.