Njtech

Greencms

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2019-25574

Exploit
  • EPSS 1.77%
  • Veröffentlicht 21.03.2026 15:30:33
  • Zuletzt bearbeitet 24.03.2026 16:37:42

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthand...

8.8

CVE-2019-25573

Exploit
  • EPSS 0.05%
  • Veröffentlicht 21.03.2026 15:30:32
  • Zuletzt bearbeitet 24.03.2026 16:39:34

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=in...

6.5

CVE-2025-15187

Exploit
  • EPSS 0.11%
  • Veröffentlicht 29.12.2025 12:15:41
  • Zuletzt bearbeitet 24.02.2026 07:17:01

A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can b...

4.8

CVE-2025-14244

Exploit
  • EPSS 0.06%
  • Veröffentlicht 08.12.2025 12:16:03
  • Zuletzt bearbeitet 23.12.2025 00:01:11

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site ...

9.8

CVE-2025-9415

Exploit
  • EPSS 0.07%
  • Veröffentlicht 25.08.2025 19:02:06
  • Zuletzt bearbeitet 31.12.2025 17:06:22

A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried...

5.4

CVE-2024-22570

  • EPSS 0.08%
  • Veröffentlicht 29.01.2024 20:15:15
  • Zuletzt bearbeitet 21.11.2024 08:56:28

A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

8

CVE-2020-21366

Exploit
  • EPSS 0.08%
  • Veröffentlicht 20.06.2023 15:15:11
  • Zuletzt bearbeitet 10.12.2024 16:15:19

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.

8.1

CVE-2022-28918

Exploit
  • EPSS 0.23%
  • Veröffentlicht 26.04.2022 21:15:45
  • Zuletzt bearbeitet 21.11.2024 06:58:11

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.

7.5

CVE-2018-12604

Exploit
  • EPSS 22.14%
  • Veröffentlicht 20.06.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:31

GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.

8.8

CVE-2018-11670

Exploit
  • EPSS 0.23%
  • Veröffentlicht 01.06.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:47

An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.