CVE-2021-47888
Published: 23 January 2026
Summary
CVE-2021-47888 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 44.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-47888 is an authenticated remote code execution vulnerability in Textpattern content management system versions prior to 4.8.3. It stems from CWE-434 (Unrestricted Upload of File with Dangerous Type), enabling logged-in users to upload malicious PHP files containing shell command execution payloads. By accessing the uploaded file via a specific URL parameter, attackers can trigger arbitrary command execution on the server.
The vulnerability requires network access and low privileges (PR:L), with no user interaction needed, as indicated by its CVSS v3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Any authenticated user, such as a contributor or low-level admin, can exploit it to gain full server compromise, including data exfiltration, persistence, or further lateral movement within the environment.
Mitigation involves upgrading to Textpattern 4.8.3 or later, as specified in the vulnerability details. Advisories from sources like VulnCheck and public exploits on Exploit-DB (e.g., 49620) highlight the issue, with Textpattern's official site providing relevant resources for patching.
A proof-of-concept exploit is publicly available on Exploit-DB, increasing the risk of real-world abuse against unpatched installations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4283
Vulnerability details
Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables exploitation of a public-facing web application (T1190) via authenticated file upload of PHP web shells (T1100) for remote command execution.
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation by upgrading to Textpattern 4.8.3 or later directly eliminates the unrestricted PHP file upload vulnerability enabling RCE.
Information input validation on file uploads rejects dangerous PHP files, directly countering CWE-434 unrestricted upload of dangerous types.
Malicious code protection mechanisms scan and block uploaded PHP shells at system entry points, mitigating execution even if uploads occur.