CVE-2021-46117

7.2 HIGH

📋 TL;DR

CVE-2021-46117 is a remote code execution vulnerability in JPress 4.2.0 that allows authenticated attackers to inject malicious code via email template editing in the admin panel. This affects all JPress installations running version 4.2.0 with admin panel access enabled. Successful exploitation enables attackers to execute arbitrary code on the server.

💻 Affected Systems

Products:
  • JPress
Versions: 4.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin panel access; default installations with admin credentials are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise allowing data theft, malware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Unauthorized code execution leading to website defacement, data exfiltration, or cryptocurrency mining.

🟢 If Mitigated: Limited impact with proper access controls, though template injection could still cause email system disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials; GitHub issue #171 contains technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.1 or later

Vendor Advisory: https://github.com/JPressProjects/jpress/issues/171

Restart Required: Yes

Instructions:

1. Back up your JPress installation and database.
2. Download JPress 4.2.1 or later from GitHub.
3. Replace the existing installation with the updated version.
4. Restart the JPress application server.

🔧 Temporary Workarounds

Disable Admin Panel Access

Applies to: all

Temporarily restrict access to the admin panel to prevent exploitation.

  • Configure firewall rules to block access to /admin paths
  • Use web server configuration to restrict /admin access to trusted IPs

Remove Email Template Editing Permission

Applies to: all

Modify admin role permissions to remove email template editing capabilities.

  • Edit role permissions in the JPress admin interface to disable template modification

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit admin panel access to trusted IP addresses only.
  • Enable detailed logging for admin panel activities and monitor for suspicious template modification attempts.

🔍 How to Verify

Check if Vulnerable:

Check JPress version in admin panel or via application files; version 4.2.0 is vulnerable.

Check Version:

Check jpress-core-x.x.x.jar version or admin panel dashboard

Verify Fix Applied:

Verify JPress version is 4.2.1 or later and test email template editing functionality for code injection.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login patterns
  • Email template modification logs with suspicious content
  • Java process spawning unexpected child processes

Network Indicators:

  • Outbound connections from JPress server to unknown destinations
  • Unusual HTTP requests to admin template endpoints

SIEM Query:

source="jpress.log" AND ("template" OR "email") AND ("modif" OR "edit" OR "update")
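As an added example (not part of this advisory), the following Python script applies the log indicators and the SIEM predicate above to a few constructed jpress.log lines, and additionally flags admin logins and template changes that come from outside a trusted admin network, matching the "restrict /admin to trusted IPs" workaround. The line layout, the 10.0.0.0/8 trusted network and every sample value are assumptions; the real jpress.log format is not given on this page.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: networks from which admin access is expected (see the
# "restrict /admin access to trusted IPs" workaround). Adjust per site.
TRUSTED_ADMIN_NETS = [ip_network("10.0.0.0/8")]

# The page's SIEM predicate: ("template" OR "email") AND ("modif" OR "edit" OR "update")
TEMPLATE_CHANGE = re.compile(r"(?=.*\b(?:template|email))(?=.*(?:modif|edit|update))", re.I)

# Assumed line layout: "<date> <time> <level> <user> <client-ip> <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>\w+) (?P<user>\S+) (?P<ip>\S+) (?P<msg>.*)$")

# Constructed sample log; not real JPress output.
SAMPLE_LOG = """\
2024-01-10 09:12:01 INFO admin 10.0.0.5 admin login success path=/admin/login
2024-01-10 09:13:40 INFO admin 10.0.0.5 email template update id=3 subject=Welcome
2024-01-10 23:47:02 INFO admin 203.0.113.7 admin login success path=/admin/login
2024-01-10 23:48:15 INFO admin 203.0.113.7 email template modified id=3 subject=Welcome
2024-01-10 23:50:00 INFO editor 10.0.0.9 article edit id=88
"""


def is_trusted(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def analyze(log_text: str) -> list:
    """Return one finding per line that matches an indicator from the page."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        rec = m.groupdict()
        reasons = []
        # Indicator: unusual admin login pattern (here: login from outside trusted nets)
        if "/admin" in rec["msg"] and "login" in rec["msg"] and not is_trusted(rec["ip"]):
            reasons.append("admin login from untrusted IP")
        # Indicator: email template modification (the SIEM query's predicate)
        if TEMPLATE_CHANGE.search(rec["msg"]):
            reasons.append("email template modification")
            if not is_trusted(rec["ip"]):
                reasons.append("template change from untrusted IP")
        if reasons:
            findings.append({"ts": rec["ts"], "user": rec["user"], "ip": rec["ip"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Note that "article edit id=88" is not reported: the query requires both a template/email term and a modification term, which keeps ordinary content edits out of the alert stream.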
