CVE-2021-47753 CRITICAL

CVE-2021-47753: phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

Vendor Phpkf
Product phpKF CMS
Weakness CWE-434 · Unrestricted file upload
Published January 15, 2026
Last update April 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.

Key dates

02Disclosure timeline

January 15, 2026 CVE published
April 7, 2026 Record updated