CVE-2021-47937
Received Received - Intake
Remote Code Execution in e107 CMS

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: VulnCheck

Description
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-10
Generated
2026-06-20
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2021-47937
EUVD
EUVD-2021-34798
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
e107 e107_cms 2.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

e107 CMS version 2.3.0 contains a remote code execution vulnerability that affects authenticated users who have theme installation permissions.

This vulnerability allows such users to upload malicious theme files through the theme.php endpoint without proper restrictions.

By exploiting this flaw, attackers can deploy a web shell into the e107_themes directory and execute arbitrary system commands via a payload.php script.

Impact Analysis

This vulnerability can lead to a severe security breach where an attacker with limited permissions can execute arbitrary system commands on the server hosting the e107 CMS.

Such unauthorized command execution can result in full system compromise, data theft, data loss, or further attacks on the network.

Because the attacker can upload a web shell, they can maintain persistent access and control over the affected system.

Detection Guidance

This vulnerability can be detected by checking for the presence of unauthorized or suspicious files such as web shells in the e107_themes directory, especially files like payload.php which may be used to execute system commands.

You can also monitor HTTP requests to the theme.php endpoint for unusual POST requests that upload theme packages.

Suggested commands to detect potential exploitation include:

  • Searching for suspicious files in the themes directory: `find /path/to/e107_themes -type f -name "payload.php"`
  • Checking recent file uploads or modifications: `find /path/to/e107_themes -type f -mtime -7` (to find files modified in the last 7 days)
  • Reviewing web server logs for POST requests to theme.php: `grep "POST /theme.php" /var/log/apache2/access.log` (adjust path and log file as needed)
Mitigation Strategies

Immediate mitigation steps include restricting theme installation permissions to trusted users only, as the vulnerability requires authenticated users with such permissions.

You should also monitor and remove any suspicious or unauthorized files, especially web shells like payload.php, from the e107_themes directory.

Applying updates or patches from the e107 CMS project to upgrade to a version that fixes this vulnerability is strongly recommended.

Additionally, consider implementing web application firewall (WAF) rules to block malicious uploads and monitor for unusual activity on the theme.php endpoint.

Compliance Impact

The provided information does not specify how the CVE-2021-47937 vulnerability in e107 CMS 2.3.0 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47937. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart