CVE-2021-47751
Published: 13 January 2026
Summary
CVE-2021-47751 is a Path Traversal (CWE-22) vulnerability in Phphtmledit Rich Text Editor (CuteEditor for PHP). This summary lists a CVSS base score of 5.3 (Medium), but the CVSS v3.1 vector given in the deeper analysis below (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) computes to 7.5 (High); where the two disagree, the vector is the more specific record and should be used for prioritisation.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2021-47751 is a directory traversal vulnerability (CWE-22) in CuteEditor for PHP version 6.6, now marketed as Rich Text Editor. The flaw is in the browse template feature: the file name of an uploaded HTML file is passed to ServerMapPath() without neutralising traversal sequences, so an attacker who renames the upload to a name containing sequences such as ../ can make the editor write the file to a location of their choosing under the web root instead of the intended template directory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Because the template upload needs no credentials, an unauthenticated remote attacker can trigger the write over the network with low complexity and no user interaction. The result is an arbitrary file write with attacker-controlled content (high integrity impact) on the web server; in practice that is enough for persistent access via a dropped web shell, site defacement, or deployment of other malicious scripts.
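The following PHP is an added illustration of the flaw class described above and of the two controls this page recommends (input validation and access enforcement on the write path). It is not CuteEditor's own code and the handler, directory name and function names are assumptions: it shows a minimal "save template" handler that joins a user-chosen file name onto the template directory, beside a hardened version that allow-lists the name, forces the extension and verifies the canonicalised target still lies inside the template directory before writing.

```php
<?php
// Added example, not CuteEditor's implementation. It models a hypothetical
// "save uploaded template" handler: the editor receives HTML content and a
// user-chosen file name and writes it under TEMPLATE_DIR.

const TEMPLATE_DIR = __DIR__ . '/templates';

// VULNERABLE: the user-supplied name is concatenated straight onto the
// template directory, so a name such as "../../shell.php" escapes it.
// This mirrors the advisory's flaw class (traversal sequences in a renamed
// upload). It is shown for contrast and is never called below.
function saveTemplateVulnerable(string $name, string $html): string
{
    $target = TEMPLATE_DIR . '/' . $name;
    file_put_contents($target, $html);
    return $target;
}

// HARDENED, step 1 (SI-10): validate the name before it touches any path.
// Only a plain base name with a forced .html extension is accepted; there is
// no way to express a separator, "..", NUL or an executable extension.
function isAllowedTemplateName(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.html$/', $name);
}

// HARDENED, step 2 (AC-3): resolve the directory to its canonical form and
// confirm the target's parent is exactly that directory. realpath() is used
// because it resolves symlinks and "..", and returns false for missing paths.
// Returns the absolute target path, or null when the write must be refused.
function safeTemplatePath(string $name): ?string
{
    if (!isAllowedTemplateName($name)) {
        return null;
    }
    $base = realpath(TEMPLATE_DIR);
    if ($base === false) {
        return null; // template directory does not exist: refuse, do not create
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;
    // The file itself may not exist yet, so canonicalise its parent instead.
    $parent = realpath(dirname($target));
    if ($parent === false || $parent !== $base) {
        return null;
    }
    return $target;
}

function saveTemplateHardened(string $name, string $html): ?string
{
    $target = safeTemplatePath($name);
    if ($target === null) {
        return null;
    }
    // Exclusive create ('x'): never overwrite an existing file, which closes
    // the "replace a legitimate template with attacker content" path as well.
    $fh = @fopen($target, 'x');
    if ($fh === false) {
        return null;
    }
    fwrite($fh, $html);
    fclose($fh);
    return $target;
}

// Constructed demonstration inputs (not taken from the public PoC).
@mkdir(TEMPLATE_DIR, 0750, true);
$html = '<p>hello</p>';

var_dump(safeTemplatePath('../../shell.php'));   // NULL: rejected by the allow-list
var_dump(safeTemplatePath('news%2e%2e/x.html')); // NULL: '%' is not an allowed character
var_dump(safeTemplatePath('newsletter.html'));   // string(...): .../templates/newsletter.html
var_dump(saveTemplateHardened('newsletter.html', $html) !== null); // bool(true) on first run
```

The allow-list alone already blocks every traversal variant, including URL-encoded and double-encoded forms, because the decoded name can only ever contain the permitted characters; the realpath() containment check is the second, independent layer that holds even if the validation regex is later loosened. On the server side, the same AC-3 principle should be applied with a web-server rule that refuses to execute scripts from the template directory, so that an escaped .html file can never become a web shell even if a future bug reopens the write path.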
Advisories and resources are documented at http://phphtmledit.com/, https://www.exploit-db.com/exploits/50994, and https://www.vulncheck.com/advisories/cuteeditor-for-php-directory-traversal. The Exploit-DB entry (50994) includes a proof-of-concept exploit demonstrating the directory traversal for arbitrary file writes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2656
Vulnerability details
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The directory traversal gives an unauthenticated attacker an arbitrary file write into the web root of a public-facing PHP application (Exploit Public-Facing Application, T1190). An attacker-controlled file under the web root directly enables web shell deployment for persistence (Server Software Component: Web Shell, T1505.003) and replacement of served content for defacement (Defacement: External Defacement, T1491.002).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents the traversal by validating and sanitising the file name and path before they reach ServerMapPath() during upload and rename, rejecting separators and dot-dot sequences rather than stripping them.
- AC-3 (Access Enforcement): enforces logical access controls on the write path so that template uploads can only land in the intended template directory, blocking writes elsewhere in the web root even if validation is bypassed; denying script execution in the template directory belongs to the same control.
- SI-2 (Flaw Remediation): remediates the specific flaw in CuteEditor 6.6 by identifying, testing and applying the vendor patch or an upgraded release of Rich Text Editor that fixes this directory traversal.