CVE-2019-25574 in Green CMS

Summary

by MITRE • 03/21/2026

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories.


Analysis

by VulDB Data Team • 03/27/2026

The vulnerability identified as CVE-2019-25574 affects Green CMS version 2.x and represents a critical path traversal flaw that undermines the application's file access controls. This vulnerability exists within the content management system's theme export functionality and file download mechanisms, creating a significant security risk for organizations relying on this platform. The flaw allows authenticated attackers to bypass normal file access restrictions and retrieve files from arbitrary locations within the server's file system, potentially exposing sensitive data and system information.

Technically, the vulnerability stems from insufficient input validation and sanitization in the CMS's themeexporthandle and downfile actions. When an attacker manipulates the theme_name parameter of the themeexporthandle action, or supplies a base64-encoded file path to the downfile action, the application does not validate or sanitize the value before using it. Directory traversal sequences such as ../ or ..\ are therefore carried straight into file path operations, giving access to files outside the intended directory. The flaw sits in the application's file handling routines, where user-supplied parameters are concatenated into file system paths without adequate checks.

From an operational perspective, this vulnerability creates substantial risk for Green CMS installations as it enables attackers with valid authentication credentials to access sensitive files that may include configuration files, database credentials, source code, user data, and other confidential information. The impact extends beyond simple data theft to potentially enable further exploitation, as attackers might discover database connection strings, administrative passwords, or application source code that could facilitate additional attacks. The authenticated nature of this vulnerability means that even a low-privilege user account could be leveraged to access system files, making it particularly dangerous in environments where multiple users have access to the CMS.

Organizations affected by this vulnerability should implement immediate mitigations, including input validation and sanitization that prevents directory traversal sequences from being processed. The recommended approach is strict parameter validation that rejects any input containing traversal sequences, proper path normalization, and a check that every file access resolves inside a designated safe directory. Organizations should also apply least-privilege access controls and monitor for unusual file access patterns. This vulnerability aligns with CWE-22 Path Traversal and follows patterns commonly associated with ATT&CK technique T1078 Valid Accounts, as it leverages legitimate user credentials to access unauthorized system resources. Remediation should include updating to a patched version of Green CMS, deploying a web application firewall, and conducting a thorough security assessment to identify any exploitation that may have occurred before mitigation.
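The validation described above, as an added example that is not Green CMS code: a resolver that accepts either a raw theme_name-style value or a base64-encoded downfile-style value, normalizes it, and rejects anything that resolves outside the allowed directory. The THEME_ROOT path and the function names are assumptions, not identifiers from the affected application.

```python
import base64
import os

# Constructed example root; the page does not give Green CMS's real theme layout.
THEME_ROOT = "/var/www/greencms/themes"


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would resolve outside the allowed directory."""


def decode_downfile_path(value: str) -> str:
    """Decode a base64 path parameter, as the downfile action is described to accept.

    Decoding is strict: a value that is not valid base64/UTF-8 is rejected
    instead of being handed to the file system half-decoded.
    """
    try:  # binascii.Error and UnicodeDecodeError are both ValueError subclasses
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError as exc:
        raise PathTraversalError(f"undecodable path parameter: {value!r}") from exc


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Resolve user_path beneath base_dir and return it, or raise if it escapes.

    The check runs on the *normalized* absolute path, so ../, ..\\, a/../../
    and similar spellings of the same traversal all fall under one rule.
    """
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    # Backslash is a separator on Windows hosts; fold it so ..\ is caught as well.
    candidate = user_path.replace("\\", "/")
    if candidate.startswith("/"):
        raise PathTraversalError("absolute path not allowed")  # join() would drop base_dir
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, candidate))
    # commonpath compares path components, not string prefixes, so a sibling
    # such as .../themes-old is not mistaken for something inside .../themes.
    if os.path.commonpath([base, target]) != base:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir}")
    return target


def resolve_param(base_dir: str, value: str, base64_encoded: bool = False) -> str:
    """Validate one request parameter: raw (theme_name) or base64 (downfile style)."""
    path = decode_downfile_path(value) if base64_encoded else value
    return safe_resolve(base_dir, path)


def is_allowed(base_dir: str, value: str, base64_encoded: bool = False) -> bool:
    """Boolean form of resolve_param, convenient for request filtering."""
    try:
        resolve_param(base_dir, value, base64_encoded)
        return True
    except PathTraversalError:
        return False
```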

Responsible: VulnCheck

Reservation: 03/21/2026

Disclosure: 03/21/2026

Moderation: accepted

CPE: ready

Exploit: Download

EPSS: 0.01520

KEV: no

Activities: very low
