CVE-2021-47936
Received Received - Intake
Remote Code Execution in OpenCATS via Malicious PHP Upload

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: VulnCheck

Description
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-10
Generated
2026-05-10
AI Q&A
2026-05-10
EPSS Evaluated
N/A
NVD
CVE-2021-47936
EUVD
EUVD-2021-34797
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opencats opencats to 0.9.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2021-47936 is a critical remote code execution vulnerability in OpenCATS version 0.9.4 and earlier. It allows unauthenticated attackers to upload malicious PHP files disguised as resume attachments through the careers job application endpoint.

Once the malicious PHP file is uploaded, attackers can execute arbitrary system commands by sending POST requests to the uploaded file in the upload directory, effectively gaining control over the server.


How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized remote code execution on your server running OpenCATS 0.9.4 or earlier.

  • Attackers can execute arbitrary system commands without authentication.
  • Compromise of the server hosting the OpenCATS application.
  • Potential data breaches or loss of sensitive recruitment data.
  • Disruption of recruitment operations and damage to organizational reputation.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of malicious PHP files uploaded through the careers job application endpoint, especially in the upload directory where resume attachments are stored.

You can look for suspicious PHP files disguised as resume attachments and attempt to interact with them via POST requests to see if arbitrary commands can be executed.

A practical approach is to scan the upload directory for unexpected PHP files using commands like:

  • find /path/to/opencats/upload/directory -type f -name "*.php"
  • grep -r --include="*.php" "system\|exec\|shell_exec\|passthru" /path/to/opencats/upload/directory

Additionally, monitoring HTTP POST requests to uploaded PHP files in the upload directory can help detect exploitation attempts.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Restrict or disable the ability to upload PHP files through the careers job application endpoint.
  • Implement strict file type validation and sanitization on uploaded resume attachments to prevent PHP payloads.
  • Apply authentication controls to the upload functionality to prevent unauthenticated access.
  • Remove any suspicious PHP files found in the upload directory.
  • Update OpenCATS to a version later than 0.9.4, such as the latest release 0.9.7.4, which includes security fixes.

Monitoring logs for unusual POST requests to uploaded files and restricting web server execution permissions in the upload directory can also help mitigate exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart