Unknown · Textpattern Cms · CVE-2021-47976
**Name of the Vulnerable Software and Affected Versions**
TextPattern CMS version 4.9.0-dev
**Description**
Authenticated attackers can achieve remote code execution by exploiting the plugin upload functionality. The process involves authenticating, retrieving a CSRF token from the plugin event page, and uploading malicious PHP files to the 'textpattern/tmp/' directory.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.