CVE-2021-47747

HIGH

meterN 1.2.3 - Authenticated Remote Code Execution via COMMANDx and LIVECOMMANDx Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47747. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote command execution (RCE) vulnerability in meterN v1.2.3 and 0.8.3.2. The vulnerability arises from improper input validation in the 'COMMANDx' and 'LIVECOMMANDx' POST parameters, allowing arbitrary command execution via the 'exec' function in PHP scripts.

Description

meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/50596

This exploit demonstrates an authenticated remote command execution (RCE) vulnerability in meterN v1.2.3 and 0.8.3.2. The vulnerability arises from improper input validation in the 'COMMANDx' and 'LIVECOMMANDx' POST parameters, allowing arbitrary command execution via the 'exec' function in PHP scripts.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: meterN v1.2.3 and 0.8.3.2
Auth required
Prerequisites: Authenticated access to the admin interface · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0061
EPSS Percentile 44.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
Metern/meterN 1.2.3
Published Dec 31, 2025
Tracked Since Feb 18, 2026