Submit #798529: https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion

Title: https://github.com/GreenCMS/GreenCMS GreenCMS v2.3 arbitrary file deletion
Description: The /CustomController.class.php file in GreenCMS v2.3 contains a file upload vulnerability. This flaw arises from the pluginAddLocal method's failure to validate uploaded files. Attackers can access the /index.php?m=admin&c=custom&a=pluginadd page to upload compressed files containing webshells. The system automatically decompresses these files into the website's root directory, allowing malicious files to be implanted. Using tools like Godzilla, attackers can exploit the implanted webshell to connect to target servers, gain control, and cause severe security risks such as data breaches and server tampering.
Source: https://github.com/ueh1013/VULN/issues/7
User: R21Z20 (UID 97129)
Submission: 07/04/2026 05:49 (20 days ago)
Moderation: 25/04/2026 18:01 (19 days later)
Status: Accepted
VulDB Entry: 359622 [GreenCMS up to 2.3 index.php?m=admin&c=custom&a=pluginadd pluginAddLocal privilege escalation]
Points: 20
