CVE-2021-47751

Name of the Vulnerable Software and Affected Versions CuteEditor for PHP (now referred to as Rich Text Editor) version 6.6

Description The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiting the ServerMapPath() function. Attackers can rename uploaded HTML files using directory traversal sequences to write files outside the intended template directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.