Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2021-47943: TextPattern CMS 4.8.7 allows attackers to run malicious code
CVE-2021-47943
Summary
Authenticated attackers can upload malicious files to TextPattern CMS, allowing them to run arbitrary commands on the server. This is a serious security risk because it could give attackers full control over the website. To fix this, update to the latest version of TextPattern CMS or apply the recommended security patch.
Original title
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload funct...
Original description
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/files/ with GET parameters passed to the system function.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 10 May 2026 · Updated: 30 May 2026 · First seen: 10 May 2026