top of page
perceptive_background_267k.jpg

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Atta…

Published:

22 januari 2026 om 23:00:00

Alert date:

23 januari 2026 om 18:06:58

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability. The flaw allows logged-in users to upload malicious PHP files containing shell command execution payloads. Attackers can execute arbitrary commands by accessing the uploaded file through a specific URL parameter. This vulnerability enables authenticated users to gain complete system control through file upload abuse. The issue affects all Textpattern installations running versions below 4.8.3.

Technical details

Mitigation steps:

Affected products:

Textpattern

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47888
https://textpattern.com/
https://textpattern.com/start
https://www.exploit-db.com/exploits/49620
https://www.vulncheck.com/advisories/textpattern-remote-code-execution

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page