CVE-2021-47746

HIGH

NodeBB Plugin Emoji 3.2.1 - Path Traversal

Title source: llm

Description

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

Exploits (1)

exploitdb WORKING POC
by 1F98D · pythonwebappsmultiple
https://www.exploit-db.com/exploits/49813

References (4)

Scores

CVSS v3 7.5
EPSS 0.0022
EPSS Percentile 43.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-73
Status draft

Timeline

Published Jan 21, 2026
Tracked Since Feb 18, 2026