CVE-2025-15187
- EPSS 0.1%
- Veröffentlicht 29.12.2025 12:15:41
- Zuletzt bearbeitet 24.02.2026 07:17:01
A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can b...
CVE-2025-14244
- EPSS 0.04%
- Veröffentlicht 08.12.2025 12:16:03
- Zuletzt bearbeitet 23.12.2025 00:01:11
A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site ...
CVE-2025-9415
- EPSS 0.05%
- Veröffentlicht 25.08.2025 19:02:06
- Zuletzt bearbeitet 31.12.2025 17:06:22
A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried...
CVE-2018-19376
- EPSS 0.1%
- Veröffentlicht 20.11.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:49
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.
CVE-2018-19329
- EPSS 0.51%
- Veröffentlicht 17.11.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:44
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.
CVE-2018-12988
- EPSS 0.3%
- Veröffentlicht 29.06.2018 05:29:00
- Zuletzt bearbeitet 21.11.2024 03:46:11
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.