| 제목 | https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion |
|---|
| 설명 | The /CustomController.class.php file in greencms v2.3 contains an arbitrary file upload vulnerability.This flaw arises from the theme addition feature (access path: index.php?m=admin&c=custom&a=themeadd) failing to properly validate and filter uploaded files. Attackers can upload compressed files containing webshells, which the system automatically decompresses into the website's root directory. Subsequently, tools like Godzilla can exploit these webshells to gain server control, resulting in severe security risks such as data breaches and malicious operations, posing significant threats to system security. |
|---|
| 원천 | ⚠️ https://github.com/ueh1013/VULN/issues/21 |
|---|
| 사용자 | R21Z20 (UID 97129) |
|---|
| 제출 | 2026. 04. 07. AM 05:53 (21 날 ago) |
|---|
| 모더레이션 | 2026. 04. 25. PM 06:01 (19 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359623 [GreenCMS 까지 2.3 index.php?m=admin&c=custom&a=themeadd 권한 상승] |
|---|
| 포인트들 | 20 |
|---|