127 matches found
SQL Injection Vulnerability in GreenCMS
GreenCMS is a ThinkPHP-based content management system. GreenCMS suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information...
GreenCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00334)
GreenCMS is a content management system CMS based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit this vulnerability to delete log files with the help of the index.php?m=admin&c=data&a=clear URI...
Cross site request forgery (csrf)
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI...
CVE-2018-19376
GreenCMS v2.3.0603 is affected by a cross-site request forgery (CSRF) vulnerability that allows an attacker to delete log files via the URI index.php?m=admin&c=data&a=clear. This issue is documented in multiple sources (CNVD-2019-00334, NVD CVE-2018-19376, OSV) and is confirmed across CNVD/CVSS d...
CVE-2018-19329
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...
Design/Logic Flaw
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...
CVE-2018-19329
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...
CVE-2018-19329
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...
CVE-2018-19329
GreenCMS v2.3.0603 contains a stored/reflective issue where remote authenticated administrators can delete arbitrary files by altering a base64-encoded pathname in the m=admin&c=media&a=delfilehandle&id= request, related to the m=admin&c=media&a=restorefile delete button. The root cause is manipu...
Arbitrary File Deletion Vulnerability in GreenCMS Backend
GreenCMS is an open source content management system written in PHP by Green Shade Studio, which is based on ThinkPHP, the most popular PHP development framework in China. GreenCMS background there are any file deletion vulnerability , attackers can use the vulnerability to delete any file...
GreenCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-13895)
GreenCMS is a content management system CMS based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit this vulnerability by sending the 'content' parameter to the index.php?m=admin&c=media&a=fileconnect URL to execute arbitrar...
CVE-2018-12988
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
Arbitrary file deletion
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
CVE-2018-12988
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
CVE-2018-12988
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
CVE-2018-12988
GreenCMS 2.3.0603 (ThinkPHP-based) contains an arbitrary file download vulnerability exposed through index.php?m=admin&c=media&a=downfile. The root cause is not explicitly stated beyond the vulnerability type; the provided documents do not include exploit details, affected file types, or version-...
GreenCMS Arbitrary File Download Vulnerability
GreenCMS is a content management system CMS based on ThinkPHP. An arbitrary file download vulnerability exists in GreenCMS version 2.3.0603. An attacker can download arbitrary files with the help of index.php?m=admin&c=media&a=downfile URI...