NjtechGreencms

11 matches found

CVE
added 2022/04/26 8:29 p.m., 82 views

CVE-2022-28918

GreenCMS v2.3.0603 is affected by an arbitrary file deletion vulnerability exploitable over the network via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. The CVE entry indicates this allows deletion of arbitrary files, with CVSSv3.1 base score 8.1 (HIGH) and a network attack vector;...

CVSS 8.1, AI score 8.1, EPSS 0.0103

CVE
added 2018/06/01 5:0 p.m., 74 views

CVE-2018-11671

CVE-2018-11671 concerns GreenCMS v2.3.0603, which exposes a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to add an administrator account via the endpoint index.php?m=admin&c=access&a=adduserhandle. The consolidated sources describe a CSRF flaw enabling account creation w...

CVSS 8.8, AI score 8.6, EPSS 0.02513
Web

CVE
added 2018/06/20 7:0 p.m., 65 views

CVE-2018-12604

GreenCMS 2.3.0603 is affected by an information-disclosure vulnerability where an attacker can obtain sensitive data by directly requesting Data/Log/year_month_day.log. Public exploits/PoCs (e.g., exploit-db entry and 0day.today/PacketStorm listings) demonstrate remote access to that log file. Th...

CVSS 7.5, AI score 7.2, EPSS 0.13344

CVE
added 2018/06/01 5:0 p.m., 62 views

CVE-2018-11670

GreenCMS v2.3.0603 is affected by CVE-2018-11670: a CSRF weakness in index.php?m=admin&c=media&a=fileconnect enables an attacker to execute arbitrary PHP code, effectively a remote code execution path. Multiple public sources describe the vulnerability as triggered by submitting a crafted content...

CVSS 8.8, AI score 8.9, EPSS 0.02513
Web

CVE
added 2023/06/20 12:0 a.m., 48 views

CVE-2020-21366

GreenCMS v2.3 is affected by a Cross-Site Request Forgery vulnerability that lets an attacker gain privileges via the adduser function in index.php. Root cause appears to be CSRF in the user-creation flow; CVSS v3.1 base score 8.0 (HIGH) with network attack vector, low complexity and user interac...

CVSS 8, AI score 7.9, EPSS 0.00325

CVE
added 2024/01/29 12:0 a.m., 42 views

CVE-2024-22570

GreenCMS v2.3 contains a stored XSS in the /install.php?m=install&c=index&a=step3 endpoint. The vulnerability allows attackers to inject arbitrary scripts via a crafted payload, with impact on visiting users who load the affected page. The CVE notes a stored XSS scenario; the current connected so...

CVSS 5.4, AI score 5.2, EPSS 0.00277

CVE
added 2025/08/25 7:2 p.m., 15 views

CVE-2025-9415

GreenCMS ≤ 2.3.0603 contains an unrestricted file upload vulnerability in index.php?m=admin&c=media&a=fileconnect via manipulation of the upload[] parameter. The issue allows remote exploitation and is linked to publicly available exploits. It affects products no longer maintained. Remediation: u...

CVSS 9.8, AI score 7.1, EPSS 0.00316

CVE
added 2026/03/21 3:30 p.m., 13 views

CVE-2019-25574

CVE-2019-25574 affects Green CMS 2.x. The vulnerability is a path traversal flaw that enables authenticated attackers to download arbitrary files or directories. Attackers can exploit the themeexporthandle action by injecting directory traversal sequences into the theme_name parameter, or use bas...

CVSS 7.1, AI score 5.9, EPSS 0.01101

CVE
added 2025/12/08 12:2 p.m., 12 views

CVE-2025-14244

GreenCMS 2.3.0603 contains a cross-site scripting flaw in the Menu Management Page, due to improper handling of the Link parameter in /Admin/Controller/CustomController.class.php. The vulnerability can be triggered remotely, and exploits have been published. The issue affects products no longer m...

CVSS 4.8, AI score 5.4, EPSS 0.00223
Web

CVE
added 2026/03/21 3:30 p.m., 9 views

CVE-2019-25573

CVE-2019-25573 concerns Green CMS 2.x, where an SQL injection vulnerability exists in the cat parameter. The flaw can be exploited by an authenticated attacker who sends a GET request to index.php with m=admin, c=posts, a=index and injects SQL code through the cat parameter, enabling manipulation...

CVSS 8.8, AI score 6.2, EPSS 0.00342

CVE
added 2025/12/29 12:2 p.m., 8 views

CVE-2025-15187

GreenCMS up to version 2.3 is affected by a path traversal in the File Handler’s DataController.class.php, where manipulating sqlFiles/zipFiles enables traversal. The issue is remote and publicly exploitable; affected products are no longer supported by the maintainer. No remediation or fixed ver...

CVSS 6.5, AI score 4.8, EPSS 0.00574