CVE-2021-47751

HIGH 7.5

CuteEditor for PHP 6.6 - Directory Traversal

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.

CWE	CWE-22
Vendor	phphtmledit
Product	cuteeditor
Published	Jan 13, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for phphtmledit cuteeditor

Be the first to know when new high vulnerabilities affecting phphtmledit cuteeditor are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

Phphtmledit / CuteEditor

0 ≤ 6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50994 phphtmledit.com: http://phphtmledit.com/ vulncheck.com: https://www.vulncheck.com/advisories/cuteeditor-for-php-directory-traversal

Credits

Stefan Hesselman