CVE-2021-47753
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: VulnCheck

Description
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47753
EUVD
EUVD-2026-2783
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phpkf cms 3.00_beta_y6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in phpKF CMS 3.00 Beta y6 allows an unauthenticated attacker to upload a malicious PHP file disguised as a PNG image by bypassing superficial file extension checks. The attacker can then rename the uploaded file from .png to .php and execute arbitrary system commands remotely through a web shell parameter, leading to remote code execution on the server. [1]

Impact Analysis

This vulnerability can lead to full remote code execution on the affected server, allowing attackers to run arbitrary system commands. This can result in unauthorized access, data theft, server compromise, defacement, or use of the server for malicious activities, severely impacting the security and integrity of your system. [1]

Detection Guidance

This vulnerability can be detected by checking for the presence of suspicious PHP files uploaded in directories intended for image uploads, especially files that were originally uploaded with a .png extension but renamed to .php. Network detection can involve monitoring HTTP requests to the upload endpoint (/phpkf-bilesenler/yukleme/index.php) and looking for POST requests that upload files or rename files. Additionally, you can attempt to access uploaded PHP files with a cmd parameter to see if system commands are executed. For example, you can use curl commands to test the upload and execution endpoints: 1. Check if the upload endpoint is accessible: curl -I http://target/phpkf-bilesenler/yukleme/index.php 2. Attempt to upload a PHP file disguised as an image (requires authentication or user creation as per exploit): curl -F "[email protected]" http://target/phpkf-bilesenler/yukleme/index.php 3. Attempt to rename the uploaded file to .php via POST request. 4. Test execution by accessing: http://target/path/evil.php?cmd=id or http://target/path/evil.php?cmd=whoami Monitoring web server logs for unusual file uploads or accesses to .php files in image directories can also help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include: 1. Disable or restrict the file upload functionality to prevent unauthenticated uploads. 2. Implement strict server-side validation of uploaded files, ensuring that only allowed file types are accepted and that file extensions cannot be changed post-upload. 3. Restrict permissions on upload directories to prevent execution of uploaded files. 4. Monitor and remove any suspicious files, especially PHP files in upload directories. 5. Apply any available patches or updates from the vendor addressing this vulnerability. 6. If possible, restrict access to the upload endpoints to authenticated and authorized users only. 7. Review web server and application logs for signs of exploitation and respond accordingly. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47753. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart