CVE-2021-47751

Sažetak

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.

Reference

http://phphtmledit.com/
https://www.exploit-db.com/exploits/50994
https://www.vulncheck.com/advisories/cuteeditor-for-php-directory-traversal
https://www.exploit-db.com/exploits/50994

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

14-01-2026 - 20:15

Objavljeno

13-01-2026 - 23:15