Vulnerability Description
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/textpattern/textpattern
- https://textpattern.com/
- https://www.exploit-db.com/exploits/50095
- https://www.vulncheck.com/advisories/textpattern-cms-dev-authenticated-remote-co
FAQ
What is CVE-2021-47976?
CVE-2021-47976 is a vulnerability with a CVSS score of 8.8 (HIGH). TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can ...
How severe is CVE-2021-47976?
CVE-2021-47976 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47976?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.