GreenCMS GreenCMS v2.3 arbitrary file deletion情報

タイトル	https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion
説明	The /CustomController.class.php file in greencms v2.3 contains an arbitrary file upload vulnerability.This flaw arises from the theme addition feature (access path: index.php?m=admin&c=custom&a=themeadd) failing to properly validate and filter uploaded files. Attackers can upload compressed files containing webshells, which the system automatically decompresses into the website's root directory. Subsequently, tools like Godzilla can exploit these webshells to gain server control, resulting in severe security risks such as data breaches and malicious operations, posing significant threats to system security.
ソース	⚠️ https://github.com/ueh1013/VULN/issues/21
ユーザー	R21Z20 (UID 97129)
送信	2026年04月07日 05:53 (21 日 ago)
モデレーション	2026年04月25日 18:01 (19 days later)
ステータス	承諾済み
VulDBエントリ	359623 [GreenCMS 迄 2.3 index.php?m=admin&c=custom&a=themeadd 特権昇格]
ポイント	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!