CVE-2021-47753

CriticalPublic PoC

Published: 15 January 2026

Published

15 January 2026

Modified

23 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0026 49.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands…

through a crafted web shell parameter.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates uploaded file content and types to prevent disguised PHP executables from bypassing extension checks and enabling arbitrary code execution.

AC-3 Access Enforcement good match

prevent

Enforces authentication and authorization requirements for file upload functionality, blocking unauthenticated remote attackers from exploiting the vulnerability.

SI-3 Malicious Code Protection good match

preventdetect

Scans and removes malicious code in uploaded files, such as PHP web shells, mitigating arbitrary code execution post-upload.

Security SummaryAI

CVE-2021-47753 is an unauthenticated file upload vulnerability in phpKF CMS 3.00 Beta y6. It enables remote attackers to execute arbitrary code by bypassing file extension checks, specifically by uploading a PHP file disguised as a PNG image, renaming it, and executing system commands through a crafted web shell parameter. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

Remote attackers require no authentication, privileges, or user interaction to exploit the vulnerability over the network with low complexity. Successful exploitation allows arbitrary code execution on the affected server, providing high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.

References include an exploit at https://www.exploit-db.com/exploits/50610, along with the phpKF CMS website at https://www.phpkf.com/ and its download page at https://www.phpkf.com/indirme.php. No specific mitigation or patch details from advisories are available in the provided information.

Details

CWE(s): CWE-434

Affected Products

phpkf

cms

3.00

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

CVE-2021-47753 enables unauthenticated RCE through unrestricted file upload to a public-facing CMS (T1190: Exploit Public-Facing Application) by disguising and executing a PHP web shell (T1100: Web Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.exploit-db.com/exploits/50610
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://www.phpkf.com/
Product · disclosure@vulncheck.com
https://www.phpkf.com/indirme.php
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/50610
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0