Cyber Resilience

CVE-2021-47751

Severity: Medium · Public PoC

Published: 13 January 2026
Modified: 02 February 2026
KEV Added: not listed
CVSS v4.0 score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0038 (60.1st percentile)
Risk priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-47751 is a medium-severity Path Traversal (CWE-22) vulnerability in Phphtmledit Rich Text Editor. Its CVSS v4.0 base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 39.9% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2021-47751 is a directory traversal vulnerability (CWE-22) in CuteEditor for PHP version 6.6, now referred to as Rich Text Editor. The flaw exists in the browse template feature, where attackers can exploit the ServerMapPath() function by renaming uploaded HTML files with directory traversal sequences. This enables writing files to arbitrary web root directories outside the intended template directory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction. By leveraging the directory traversal in file renaming during uploads, they achieve high integrity impact through arbitrary file writes on the web server, potentially allowing persistent access, defacement, or deployment of malicious scripts.
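An added defensive example, not code from CuteEditor or its vendor, showing how a PHP upload or rename handler can keep a client-supplied template name inside the intended directory; the function name, the temporary demo directory and the .html allow-list are assumptions.

```php
<?php
// Added example (not vendor code): hardened destination check for an upload or
// rename handler that must keep every write inside the editor's template directory.

/**
 * Return the absolute destination for a client-supplied file name, or null
 * when the name must be rejected. $templateDir is the only directory writes
 * may land in.
 */
function safeTemplatePath(string $templateDir, string $clientName): ?string
{
    // 1. Allow-list the whole name instead of deny-listing "..": one bare
    //    component of safe characters with an .html/.htm extension. This also
    //    rules out "/" and "\" separators, so "../x" and "..\x" never get through.
    //    \z (not $) so a trailing newline cannot sneak past the check.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.html?\z/i', $clientName)) {
        return null;
    }

    // 2. Resolve the template directory itself; a missing directory fails closed.
    $root = realpath($templateDir);
    if ($root === false || !is_dir($root)) {
        return null;
    }
    $candidate = $root . DIRECTORY_SEPARATOR . $clientName;

    // 3. Defense in depth: never write through a symlink, and if the target
    //    already exists make sure it still resolves under the template root.
    if (is_link($candidate)) {
        return null;
    }
    if (file_exists($candidate)) {
        $prefix = $root . DIRECTORY_SEPARATOR;
        $resolved = realpath($candidate);
        if ($resolved === false || strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
            return null;
        }
    }
    return $candidate;
}

// Demo with a constructed temporary template directory (assumption, not the product's path).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir, 0700);
foreach (['../../index.html', '..\\..\\shell.php', 'shell.php', 'welcome.html'] as $name) {
    $dest = safeTemplatePath($dir, $name);
    printf("%-20s => %s\n", $name, $dest ?? 'REJECTED');
}
rmdir($dir);
```

The first three sample names are rejected outright; only welcome.html yields a destination, and it is always rooted in the template directory rather than wherever the client-supplied name pointed.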

Advisories and resources are documented at http://phphtmledit.com/, https://www.exploit-db.com/exploits/50994, and https://www.vulncheck.com/advisories/cuteeditor-for-php-directory-traversal. The Exploit-DB entry (50994) includes a proof-of-concept exploit demonstrating the directory traversal for arbitrary file writes.

Vulnerability details

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.

CWE(s)

CWE-22 Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1491.002 External Defacement (Impact): An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users.
Why these techniques?

Directory traversal enables an unauthenticated arbitrary file write to the web root of a public-facing PHP application (T1190), which directly facilitates web shell deployment (T1505.003) and external defacement (T1491.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1661 (shared CWE-22)
CVE-2026-33529 (shared CWE-22)
CVE-2026-9550 (shared CWE-22)
CVE-2024-44373 (shared CWE-22)
CVE-2019-25471 (shared CWE-22)
CVE-2024-11642 (shared CWE-22)
CVE-2025-67684 (shared CWE-22)
CVE-2025-41758 (shared CWE-22)
CVE-2025-12382 (shared CWE-22)
CVE-2025-54446 (shared CWE-22)

Affected Assets

phphtmledit rich text editor, versions ≤ 6.6

Mitigating Controls (NIST 800-53 r5, AI)

Prevent (SI-10 Information Input Validation): Directly prevents directory traversal attacks by validating and sanitizing file paths and names passed to the ServerMapPath() function during uploads and renames.

Prevent (AC-3 Access Enforcement): Enforces logical access controls that restrict file write operations to the intended template directory only, blocking arbitrary writes to web root directories.

Prevent (vendor patch or upgrade): Remediates the specific flaw in CuteEditor 6.6 by identifying, testing, and applying vendor patches or upgrades for this directory traversal vulnerability.
