Unknown · Rich Text Editor · CVE-2021-47751
**Name of the Vulnerable Software and Affected Versions**
CuteEditor for PHP (now referred to as Rich Text Editor) version 6.6
**Description**
The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiting the `ServerMapPath()` function. Attackers can rename uploaded HTML files using directory traversal sequences to write files outside the intended template directory.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.