← Volver a CVEs
CVE-2021-47746
HIGH7.5
Descripcion
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/21/2026
Ultima modificacion1/26/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-73
Referencias
https://github.com/NodeBB/nodebb-plugin-emoji(disclosure@vulncheck.com)
https://nodebb.org/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/49813(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/nodebb-plugin-emoji-arbitrary-file-write(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.