CVE-2021-47751

CuteEditor for PHP 6.6 - Directory Traversal

CVSS 5.3 MEDIUMEPSS 0.7%CWE-22

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Phphtmledit · CuteEditor

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://phphtmledit.com/https://www.exploit-db.com/exploits/50994 https://www.vulncheck.com/advisories/cuteeditor-for-php-directory-traversal