CVE-2025-15187

GreenCMS up to version 2.3 is affected by a path traversal in the File Handler’s DataController.class.php, where manipulating sqlFiles/zipFiles enables traversal. The issue is remote and publicly exploitable; affected products are no longer supported by the maintainer. No remediation or fixed ver...

EUVD-2018-11027

Malware in sbrugna...

EUVD-2018-4939

Malware in sbrugna...

EUVD-2022-33353

Malicious code in bioql PyPI...

EUVD-2025-25745

Malicious code in bioql PyPI...

CVE-2025-9415

GreenCMS ≤ 2.3.0603 contains an unrestricted file upload vulnerability in index.php?m=admin&c=media&a=fileconnect via manipulation of the upload[] parameter. The issue allows remote exploitation and is linked to publicly available exploits. It affects products no longer maintained. Remediation: u...

PT-2025-34699

Name of the Vulnerable Software and Affected Versions: GreenCMS versions prior to 2.3.0604 Description: A vulnerability exists in GreenCMS that allows for unrestricted file upload. The issue is located in an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. Manipulation of the...

CVE-2024-22570

A stored cross-site scripting XSS vulnerability in /install.php?m=install=index=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2022-28918

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin=custom=plugindelhandlename=...

CVE-2020-21366

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...

CVE-2018-19329

GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...