CVE-2021-47888
Authenticated Remote Code Execution in Textpattern < 4.8.3 via File Upload
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| textpattern | textpattern | to 4.8.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Textpattern versions prior to 4.8.3 allows authenticated users to upload malicious PHP files through the file upload functionality in the admin panel. Once uploaded, these PHP files can contain shell command execution payloads. Attackers can then execute arbitrary system commands remotely by accessing the uploaded file with a crafted URL parameter, effectively enabling remote code execution on the server. [2, 4]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an authenticated user to execute arbitrary system commands on the server hosting Textpattern. This can lead to full remote code execution, compromising the confidentiality, integrity, and availability of the system. Attackers could potentially take control of the server, access sensitive data, modify or delete content, and disrupt services. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious PHP file uploads in the Textpattern CMS admin panel by authenticated users. Detection can involve checking for newly uploaded PHP files in the file upload directories or logs. Additionally, monitoring HTTP requests for access to uploaded PHP files with suspicious URL parameters such as 'cmd' used to execute system commands can help identify exploitation attempts. Specific commands are not provided in the resources, but typical detection might include searching web server logs for requests to PHP files with 'cmd' parameters or scanning the upload directories for unexpected PHP files. [4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Textpattern CMS to version 4.8.3 or later, as this version patches the vulnerability. Additionally, restrict file upload permissions to trusted users only, monitor and audit file uploads, and consider removing any suspicious PHP files uploaded by users. Implementing strict access controls and monitoring for unusual activity related to file uploads and command execution attempts can also help mitigate the risk. [2, 4]