CVE-2021-47746
📋 TL;DR
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter. This affects NodeBB forum installations using the vulnerable emoji plugin version.
💻 Affected Systems
- NodeBB Plugin Emoji
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via overwriting critical system files, installation of backdoors, or achieving remote code execution by writing malicious scripts to executable locations.
Likely Case
Data corruption, service disruption, or privilege escalation by overwriting configuration files, user data, or NodeBB application files.
If Mitigated
Limited impact if proper file permission restrictions and input validation are in place, though admin compromise remains a significant risk.
🎯 Exploit Status
Exploitation requires administrative credentials. Public exploit code is available in the Exploit-DB reference.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.2 or later
Vendor Advisory: https://github.com/NodeBB/nodebb-plugin-emoji
Restart Required: Yes
Instructions:
1. Update NodeBB Plugin Emoji to version 3.2.2 or later via the NodeBB Admin Control Panel or npm.
2. Restart the NodeBB service.
3. Verify the plugin version is updated.
🔧 Temporary Workarounds
Disable Emoji Plugin
Temporarily disable the vulnerable plugin until patching is possible
npm uninstall nodebb-plugin-emoji
Restart NodeBB service
Restrict Admin Access
Temporarily limit administrative access to only essential personnel
🧯 If You Can't Patch
- Immediately revoke administrative access from all non-essential users and implement strict monitoring of admin activity.
- Implement file integrity monitoring on critical system directories and NodeBB installation paths to detect unauthorized file writes.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of nodebb-plugin-emoji via npm:
npm list nodebb-plugin-emoji
Verify Fix Applied:
Verify that the reported plugin version is 3.2.2 or later:
npm list nodebb-plugin-emoji | grep nodebb-plugin-emoji
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations in NodeBB logs
- Multiple failed or successful emoji upload attempts from admin accounts
- Directory traversal patterns in upload requests
Network Indicators:
- HTTP POST requests to emoji upload endpoint with path traversal sequences (../)
- Unusual file upload sizes or patterns from admin IPs
SIEM Query:
source="nodebb.log" AND ("emoji/upload" OR "../") AND user_role="admin"