WebsiteBaker Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A directory traversal vulnerability has been identified in WebsiteBaker version 2.13.3. This vulnerability allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Exploitation involves sending crafted GET requests to the '/admin/media/delete.php' endpoint, using directory traversal sequences to target files outside the intended directory.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of files on the server.

Reproduction

To reproduce this vulnerability, send a GET request to '/admin/media/delete.php' with a 'dir' parameter that includes directory traversal sequences. This will allow deletion of files outside the default directory.
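Detection logic for the request pattern described above, as an added example that is not part of the original advisory or the WebsiteBaker code base: it scans web access-log lines for requests to the delete endpoint whose 'dir' parameter contains a '..' path segment after URL decoding, including double-encoded forms. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/admin/media/delete.php"  # endpoint named in the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def dir_has_traversal(value: str) -> bool:
    """True if a 'dir' value contains a '..' path segment after decoding."""
    # Decode repeatedly (bounded) so double-encoded input such as %252e is seen.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Split on both separators; only a whole '..' segment counts, not 'my..notes'.
    return ".." in re.split(r"[\\/]+", value)

def flag_requests(log_lines):
    """Return the log lines that hit ENDPOINT with a traversal in 'dir'."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # endswith() also covers installs under a sub-directory.
        if not url.path.lower().endswith(ENDPOINT):
            continue
        # parse_qs decodes once; dir_has_traversal handles further layers.
        values = parse_qs(url.query, keep_blank_values=True).get("dir", [])
        if any(dir_has_traversal(v) for v in values):
            hits.append(line)
    return hits

# Constructed sample lines, not taken from a real server.
PREFIX = '203.0.113.7 - - [16/Dec/2025:17:40:00 +0000] '
SAMPLE_LOG = [
    PREFIX + '"GET /admin/media/delete.php?dir=/gallery HTTP/1.1" 302 0',
    PREFIX + '"GET /admin/media/delete.php?dir=/../../placeholder HTTP/1.1" 302 0',
    PREFIX + '"GET /cms/admin/media/delete.php?dir=%252e%252e%252fplaceholder HTTP/1.1" 302 0',
    PREFIX + '"GET /other/page.php?dir=/../placeholder HTTP/1.1" 200 512',
    PREFIX + '"GET /admin/media/delete.php?dir=/my..notes HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Because the advisory states that exploitation requires authentication, any flagged line is worth correlating with the admin session that issued it.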

Added: Dec 16, 2025, 5:52 PM
Updated: Dec 16, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.