CVE-2021-47943

HIGH

TextPattern CMS 4.8.7 Remote Code Execution via File Upload

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-47943. PoCs published by Mert Daş.

AI-analyzed exploit summary This exploit demonstrates an authenticated RCE vulnerability in TextPattern CMS 4.8.7 by uploading a malicious PHP file via the file upload feature and executing arbitrary commands through a crafted GET request.

Description

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/files/ with GET parameters passed to the system function.

Exploits (2)

exploitdb WORKING POC

by Mert Daş · textwebappsphp

https://www.exploit-db.com/exploits/50415

View Code ZIP pw:eip

This exploit demonstrates an authenticated RCE vulnerability in TextPattern CMS 4.8.7 by uploading a malicious PHP file via the file upload feature and executing arbitrary commands through a crafted GET request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: TextPattern CMS 4.8.7

Auth required

Prerequisites: Authenticated access to the CMS · File upload permissions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 10, 2026 Full analysis →

exploitdb WORKING POC

by Mert Daş · textwebappsphp

https://www.exploit-db.com/exploits/49996

View Code ZIP pw:eip

This exploit demonstrates a Remote Command Execution (RCE) vulnerability in TextPattern CMS 4.8.7 by uploading a malicious PHP file via the file upload feature and executing arbitrary commands through a crafted GET request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: TextPattern CMS 4.8.7

Auth required

Prerequisites: Authenticated access to the CMS · File upload functionality enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 10, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-49996

https://www.exploit-db.com/exploits/49996

Exploit exploit

ExploitDB-50415

https://www.exploit-db.com/exploits/50415

Third Party Advisory third-party-advisory

VulnCheck Advisory: TextPattern CMS 4.8.7 Remote Code Execution via File Upload

https://www.vulncheck.com/advisories/textpattern-cms-remote-code-execution-via-file-upload

Scores

CVSS v3 8.8

EPSS 0.0062

EPSS Percentile 44.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

Textpattern/TextPattern CMS 4.8.7

Published May 10, 2026

Tracked Since May 10, 2026