CVE-2021-47746
Unknown Unknown - Not Provided
Arbitrary File Write in NodeBB Plugin Emoji 3.2.1 via Upload API

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47746
EUVD
EUVD-2026-3657
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nodebb nodebb_plugin_emoji 3.2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47746 is an arbitrary file write vulnerability in NodeBB Plugin Emoji version 3.2.1. It allows users with administrative privileges to exploit the emoji upload API by crafting file upload requests that include directory traversal sequences in the file path parameter. This enables them to write files to arbitrary locations on the server, potentially overwriting critical system files by manipulating the file path during emoji uploads. [2, 3]

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker with admin access to write arbitrary files anywhere on the server filesystem. This can lead to overwriting important system files, potentially resulting in privilege escalation, persistent unauthorized access, or system compromise. Essentially, it threatens the integrity and security of the affected system. [2, 3]

Detection Guidance

Detection involves verifying if the NodeBB Plugin Emoji version 3.2.1 is installed and checking for suspicious file uploads via the emoji upload API endpoint. Since exploitation requires administrative access, monitoring POST requests to `/api/admin/plugins/emoji/upload` for directory traversal patterns in the `fileName` parameter (e.g., sequences like `../`) can help detect attempts. Commands to check installed plugin version might include inspecting the NodeBB plugin directory or querying the plugin list via NodeBB Admin Panel or CLI. For example, on the server, you can run: `npm list nodebb-plugin-emoji` or check the plugin version in the NodeBB Admin Control Panel. Network monitoring tools or web application firewalls can be configured to alert on suspicious POST requests containing directory traversal payloads targeting the emoji upload API. [2, 3]

Mitigation Strategies

Immediate mitigation steps include: 1) Restrict administrative access to trusted users only, as exploitation requires admin privileges. 2) Disable or restrict the emoji upload API endpoint `/api/admin/plugins/emoji/upload` until a patched version is applied. 3) Update the NodeBB Plugin Emoji to a version that addresses this vulnerability once available. 4) Monitor logs for suspicious file upload attempts with directory traversal patterns. 5) Apply network-level protections such as web application firewalls to block malicious payloads targeting this endpoint. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47746. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart