CVE-2021-47746

High CVSS: 8.6

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

Vendor

Product

CWE

CWE-73

Yayın Tarihi

2026-01-21 18:16:02

Güncelleme

2026-01-26 15:04:59

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-73 HIGH 2026

Referanslar

https://github.com/NodeBB/nodebb-plugin-emoji https://nodebb.org/ https://www.exploit-db.com/exploits/49813 https://www.vulncheck.com/advisories/nodebb-plugin-emoji-arbitrary-file-write