CVE-2021-47746

Name of the Vulnerable Software and Affected Versions NodeBB Plugin Emoji version 3.2.1

Description The NodeBB Plugin Emoji version 3.2.1 has a flaw that allows administrative users to write files to arbitrary system locations. This is possible through the emoji upload API by manipulating the file path parameter, enabling directory traversal and system file overwrites. An attacker with administrative privileges can craft file upload requests to achieve this.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.