Part of Lyceum Intelligence, deep-research In Focus reports.


CVE-2021-47936 -- CVSS 9.8 Vulnerability Briefing

CVE-2021-47936 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2021-47936 is an unauthenticated remote code execution vulnerability in OpenCATS 0.9.4, an open-source applicant tracking system, exploitable via malicious file upload through the resume attachment functionality.

Technical Detail

The flaw exists in OpenCATS 0.9.4's file upload handling, which fails to adequately validate or restrict the file types accepted as resume attachments. An unauthenticated attacker can upload a PHP file disguised as a resume document, which the server then executes, resulting in arbitrary command execution in the context of the web server process. Successful exploitation grants the attacker full control over the underlying host without requiring any prior authentication or user interaction.

Exploitation Status

No known exploit code has been publicly confirmed for this vulnerability at this time, and it does not appear on CISA's Known Exploited Vulnerabilities catalog. Despite the absence of confirmed public exploits, the attack vector is straightforward and the vulnerability class is well understood, meaning the barrier to exploitation is low for a capable attacker.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE in available intelligence sources.

What To Do

Organizations running OpenCATS 0.9.4 should upgrade to a patched version immediately given the critical CVSS score of 9.8 and the unauthenticated nature of the attack. If an immediate upgrade is not feasible, restrict public access to the OpenCATS instance, particularly any file upload endpoints, using network-level controls or a web application firewall configured to block PHP file uploads. Review web server logs for unexpected PHP file creation in upload directories and audit existing uploaded files for malicious content. Given that this application handles sensitive recruitment data, treat any unpatched instance exposed to untrusted networks as a high-priority remediation target.
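The two controls this briefing calls for, rejecting attachments that are not really document files and auditing what is already on disk together with the web server access log, combined into one added Python example. This is not OpenCATS code: the attachment directory, the `/attachments/` URL prefix, the extension allowlist, the magic-number table and every sample file and log line are assumptions constructed for the demonstration.

```python
"""Audit resume attachments for PHP content and spot PHP requests under the upload path.

Added example, not OpenCATS code. Paths, allowlist, magic numbers, sample files
and log lines are assumptions constructed for the demonstration.
"""
import os
import re
import tempfile

# Extensions a resume endpoint would reasonably accept (assumed allowlist).
ALLOWED_EXT = {".pdf", ".doc", ".docx", ".rtf", ".txt"}
# Extensions a typical PHP handler configuration may execute.
PHP_EXT = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}
# Leading bytes expected for the allowed binary formats (standard magic numbers).
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".rtf": (b"{\\rtf",),
}
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# Common-log-format line: ip ident user [time] "method target proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify(path):
    """Return findings for one file; an empty list means it looks like a plain document."""
    findings = []
    parts = os.path.basename(path).lower().split(".")
    exts = ["." + p for p in parts[1:]]      # resume.pdf.php -> ['.pdf', '.php']
    last = exts[-1] if exts else ""
    if any(e in PHP_EXT for e in exts):
        findings.append("php-extension")     # PHP extension anywhere, covers double extensions
    if not exts:
        findings.append("no-extension")
    elif last not in ALLOWED_EXT and last not in PHP_EXT:
        findings.append("unexpected-extension")
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if PHP_TAG.search(head):
        findings.append("php-open-tag")      # PHP code inside a file named like a document
    expected = MAGIC.get(last)
    if expected and not any(head.startswith(m) for m in expected):
        findings.append("magic-mismatch")    # name says PDF/DOCX/..., bytes disagree
    return findings


def audit_directory(upload_dir):
    """Walk the attachment directory; return {relative_path: findings} for suspicious files."""
    report = {}
    for root, _dirs, files in os.walk(upload_dir):
        for fn in files:
            full = os.path.join(root, fn)
            findings = classify(full)
            if findings:
                report[os.path.relpath(full, upload_dir)] = findings
    return report


def php_hits_in_upload_path(lines, upload_prefix="/attachments/"):
    """Return (ip, timestamp, path, status) for each request to a PHP file under the upload prefix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, _method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        if path.startswith(upload_prefix) and any(path.endswith(e) for e in PHP_EXT):
            hits.append((ip, ts, path, status))
    return hits


def build_sample_dir():
    """Write constructed sample attachments to a temp directory so the audit runs offline."""
    d = tempfile.mkdtemp(prefix="opencats-audit-")
    samples = {
        "alice_resume.pdf": b"%PDF-1.4\n%constructed sample\n",
        "bob_resume.docx": b"PK\x03\x04" + b"\x00" * 16,
        "carol_resume.pdf": b"<?php /* constructed: PHP body behind a .pdf name */ ?>\n",
        "dave_resume.pdf.php": b"%PDF-1.4\n",
        "eve_resume.phtml": b"<?= 'constructed' ?>",
        "frank.txt": b"plain text resume\n",
    }
    for fn, body in samples.items():
        with open(os.path.join(d, fn), "wb") as fh:
            fh.write(body)
    return d


# Constructed access-log lines; the /attachments/ prefix is assumed, not OpenCATS's real path.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "POST /UPLOAD_ENDPOINT HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2024:10:00:07 +0000] "GET /attachments/42/carol_resume.pdf HTTP/1.1" 200 77',
    '198.51.100.9 - - [10/Jan/2024:10:01:30 +0000] "GET /attachments/7/dave_resume.pdf.php HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for rel, findings in sorted(audit_directory(build_sample_dir()).items()):
        print(f"{rel}: {', '.join(findings)}")
    for hit in php_hits_in_upload_path(SAMPLE_LOG):
        print("PHP request under upload path:", hit)
```

The same `classify` checks (extension allowlist, no PHP extension anywhere in the name, magic bytes matching the claimed type, no PHP open tag in the body) are what an upload handler should apply before writing a file; running them over the existing directory is the audit step, and any hit from the log scan is a file to pull and examine rather than a confirmed compromise on its own.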
