Unknown · Textpattern · CVE-2021-47888
**Name of the Vulnerable Software and Affected Versions**
Textpattern versions prior to 4.8.3
**Description**
Textpattern allows authenticated users to upload malicious PHP files, leading to remote code execution. An attacker can upload a PHP file containing a shell command execution payload and then execute arbitrary commands by accessing the uploaded file through a specific URL parameter.
**Recommendations**
Update to version 4.8.3 or later.