An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
[
{
"product": "WebsiteBaker",
"vendor": "WebsiteBaker",
"versions": [
{
"status": "affected",
"version": "through 2.8.1"
}
]
}
]