| शीर्षक | https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion |
|---|
| विवरण | The /CustomController.class.php file in greencms v2.3 contains a file upload vulnerability. This flaw arises from the pluginAddLocal method's failure to validate uploaded files. Attackers can access the /index.php?m=admin&c=custom&a=pluginadd page to upload compressed files containing webshells. The system automatically decompresses these files into the website's root directory, allowing malicious files to be implanted. Using tools like Godzilla, attackers can exploit the implanted webshell to connect to target servers, gain control, and cause severe security risks such as data breaches and server tampering. |
|---|
| स्रोत | ⚠️ https://github.com/ueh1013/VULN/issues/7 |
|---|
| उपयोगकर्ता | R21Z20 (UID 97129) |
|---|
| सबमिशन | 07/04/2026 05:49 AM (20 दिन पहले) |
|---|
| संयम | 25/04/2026 06:01 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359622 [GreenCMS तक 2.3 index.php?m=admin&c=custom&a=pluginadd pluginAddLocal अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|