CVE-2021-47888
Unknown Unknown - Not Provided
Authenticated Remote Code Execution in Textpattern < 4.8.3 via File Upload

Publication date: 2026-01-23

Last updated on: 2026-01-23

Assigner: VulnCheck

Description
Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-23
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47888
EUVD
EUVD-2026-4283
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
textpattern textpattern to 4.8.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Textpattern versions prior to 4.8.3 allows authenticated users to upload malicious PHP files through the file upload functionality in the admin panel. Once uploaded, these PHP files can contain shell command execution payloads. Attackers can then execute arbitrary system commands remotely by accessing the uploaded file with a crafted URL parameter, effectively enabling remote code execution on the server. [2, 4]

Impact Analysis

If exploited, this vulnerability allows an authenticated user to execute arbitrary system commands on the server hosting Textpattern. This can lead to full remote code execution, compromising the confidentiality, integrity, and availability of the system. Attackers could potentially take control of the server, access sensitive data, modify or delete content, and disrupt services. [2, 4]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious PHP file uploads in the Textpattern CMS admin panel by authenticated users. Detection can involve checking for newly uploaded PHP files in the file upload directories or logs. Additionally, monitoring HTTP requests for access to uploaded PHP files with suspicious URL parameters such as 'cmd' used to execute system commands can help identify exploitation attempts. Specific commands are not provided in the resources, but typical detection might include searching web server logs for requests to PHP files with 'cmd' parameters or scanning the upload directories for unexpected PHP files. [4]

Mitigation Strategies

The immediate mitigation step is to upgrade Textpattern CMS to version 4.8.3 or later, as this version patches the vulnerability. Additionally, restrict file upload permissions to trusted users only, monitor and audit file uploads, and consider removing any suspicious PHP files uploaded by users. Implementing strict access controls and monitoring for unusual activity related to file uploads and command execution attempts can also help mitigate the risk. [2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47888. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart