11 matches found
CVE-2022-28918
GreenCMS v2.3.0603 is affected by an arbitrary file deletion vulnerability exploitable over the network via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. The CVE entry indicates this allows deletion of arbitrary files, with CVSSv3.1 base score 8.1 (HIGH) and a network attack vector;...
CVE-2018-11671
CVE-2018-11671 concerns GreenCMS v2.3.0603, which exposes a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to add an administrator account via the endpoint index.php?m=admin&c=access&a=adduserhandle. The consolidated sources describe a CSRF flaw enabling account creation w...
CVE-2018-12604
GreenCMS 2.3.0603 is affected by an information-disclosure vulnerability where an attacker can obtain sensitive data by directly requesting Data/Log/year_month_day.log. Public exploits/PoCs (e.g., exploit-db entry and 0day.today/PacketStorm listings) demonstrate remote access to that log file. Th...
CVE-2018-11670
GreenCMS v2.3.0603 is affected by CVE-2018-11670: a CSRF weakness in index.php?m=admin&c=media&a=fileconnect enables an attacker to execute arbitrary PHP code, effectively a remote code execution path. Multiple public sources describe the vulnerability as triggered by submitting a crafted content...
CVE-2020-21366
GreenCMS v2.3 is affected by a Cross-Site Request Forgery vulnerability that lets an attacker gain privileges via the adduser function in index.php. Root cause appears to be CSRF in the user-creation flow; CVSS v3.1 base score 8.0 (HIGH) with network attack vector, low complexity and user interac...
CVE-2024-22570
GreenCMS v2.3 contains a stored XSS in the /install.php?m=install&c=index&a=step3 endpoint. The vulnerability allows attackers to inject arbitrary scripts via a crafted payload, with impact on visiting users who load the affected page. The CVE notes a stored XSS scenario; the current connected so...
CVE-2025-9415
GreenCMS ≤ 2.3.0603 contains an unrestricted file upload vulnerability in index.php?m=admin&c=media&a=fileconnect via manipulation of the upload[] parameter. The issue allows remote exploitation and is linked to publicly available exploits. It affects products no longer maintained. Remediation: u...
CVE-2019-25574
CVE-2019-25574 affects Green CMS 2.x. The vulnerability is a path traversal flaw that enables authenticated attackers to download arbitrary files or directories. Attackers can exploit the themeexporthandle action by injecting directory traversal sequences into the theme_name parameter, or use bas...
CVE-2025-14244
GreenCMS 2.3.0603 contains a cross-site scripting flaw in the Menu Management Page, due to improper handling of the Link parameter in /Admin/Controller/CustomController.class.php. The vulnerability can be triggered remotely, and exploits have been published. The issue affects products no longer m...
CVE-2019-25573
CVE-2019-25573 concerns Green CMS 2.x, where an SQL injection vulnerability exists in the cat parameter. The flaw can be exploited by an authenticated attacker who sends a GET request to index.php with m=admin, c=posts, a=index and injects SQL code through the cat parameter, enabling manipulation...
CVE-2025-15187
GreenCMS up to version 2.3 is affected by a path traversal in the File Handler’s DataController.class.php, where manipulating sqlFiles/zipFiles enables traversal. The issue is remote and publicly exploitable; affected products are no longer supported by the maintainer. No remediation or fixed ver...