Cyber Resilience

CVE-2021-47788

HighPublic PoC

Published: 16 January 2026

Published
16 January 2026
Modified
30 January 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0087 54.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2021-47788 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Websitebaker Websitebaker. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-47788 is an authenticated remote code execution vulnerability in WebsiteBaker version 2.13.0. It affects the language installation endpoint, where users with language editing permissions can manipulate installation parameters to execute arbitrary code on the server. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

An attacker requires valid credentials and language editing permissions to exploit this issue over the network with low complexity and no user interaction. Successful exploitation grants high confidentiality, integrity, and availability impacts, enabling full remote code execution on the affected server.

Advisories and proof-of-concept exploits are documented on Exploit-DB (exploit ID 50310) and Vulncheck, with the official WebsiteBaker site at websitebaker.org providing additional context. Practitioners should verify patches or upgrades on the vendor site, as no specific mitigation details are outlined in the core CVE data.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2021-47788 is an authenticated RCE vulnerability in a public-facing web application (WebsiteBaker CMS) via unrestricted file upload in the language installation endpoint, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-12352Shared CWE-434
CVE-2026-1730Shared CWE-434
CVE-2025-13067Shared CWE-434
CVE-2025-54449Shared CWE-434
CVE-2025-1070Shared CWE-434
CVE-2025-12528Shared CWE-434
CVE-2025-67325Shared CWE-434
CVE-2025-65471Shared CWE-434
CVE-2025-59710Shared CWE-434
CVE-2025-34328Shared CWE-434

Affected Assets

websitebaker
websitebaker
2.13.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses unrestricted upload of dangerous types by validating language installation parameters to block arbitrary code execution.

prevent

Remediates the specific flaw in WebsiteBaker's language installation endpoint through timely identification, reporting, and patching.

prevent

Enforces least privilege to restrict language editing permissions, reducing the number of users able to access and exploit the vulnerable endpoint.

References