| Field | Value |
|---|---|
| Title | https://github.com/GreenCMS/GreenCMS Greencms v2.3 Arbitrary File Removal |
| Description | GreenCMS v2.3 is affected by a high-risk arbitrary file deletion vulnerability. The root cause is that the sqlFiles parameter handled in /DataController.class.php is not strictly validated against the file path supplied by the user.<br><br>An attacker can intercept the POST request to the page index.php?m=admin&c=data&a=delsqlfiles with Burp Suite and tamper with the value of the sqlFiles parameter, replacing it with a path that traverses out of the intended directory. After creating a test file named 1.txt in the parent directory of 6946b565ba428.sql, the attacker submits the tampered request. Because the back end does not filter the path sufficiently, the directory traversal reaches the file deletion and 1.txt is deleted from outside the intended directory.<br><br>This vulnerability lets an attacker delete core resources on the server, such as key configuration files and database backups, with severe consequences including taking the website down and data leakage, and a very wide scope of harm. |
| Source | ⚠️ https://github.com/ueh1013/VULN/issues/4 |
| User | Blackooo (UID 93743) |
| Submission | 12/22/2025 08:50 (4 months ago) |
| Moderation | 12/28/2025 09:37 (6 days later) |
| Status | Accepted |
| VulDB entry | 338572 [GreenCMS up to 2.3 File DataController.class.php sqlFiles/zipFiles path traversal] |
| Points | 20 |
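The mechanism described in the entry, as an added illustration that is not GreenCMS's own code (the real DataController.class.php is not reproduced on this page): a backup-deletion handler in the shape the description implies, with a hypothetical backup directory and the function names shown as assumptions. The first function concatenates the user-supplied sqlFiles value into the path, so a value such as ../1.txt escapes the backup directory exactly as the report describes; the second restricts the value to a bare .sql filename and checks the realpath() result against the canonical backup directory before unlinking.

```php
<?php
// Added illustration, not GreenCMS code. Directory layout and function
// names are assumptions chosen to mirror the report: a backup directory
// holding 6946b565ba428.sql and a canary file 1.txt in its parent.

declare(strict_types=1);

// Vulnerable form: the user-controlled name is concatenated straight into
// the path, so "../1.txt" walks out of the backup directory.
function deleteBackupVulnerable(string $backupDir, string $sqlFiles): bool
{
    $target = rtrim($backupDir, '/') . '/' . $sqlFiles;
    return is_file($target) && unlink($target);
}

// Hardened form: accept only a bare filename with the expected extension,
// resolve it with realpath(), and refuse anything that does not land inside
// the canonical backup directory (this also catches symlinks pointing out).
function deleteBackupSafe(string $backupDir, string $sqlFiles): bool
{
    // No separators, no traversal components, only a simple .sql name.
    if ($sqlFiles !== basename($sqlFiles)
        || !preg_match('/\A[A-Za-z0-9_.-]+\.sql\z/', $sqlFiles)) {
        return false;
    }
    $base   = realpath($backupDir);
    $target = realpath($base . '/' . $sqlFiles); // false if it does not exist
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    return unlink($target);
}

// Demo on a throwaway tree:  <tmp>/1.txt  and  <tmp>/backup/6946b565ba428.sql
$root = sys_get_temp_dir() . '/gcms_demo_' . bin2hex(random_bytes(4));
mkdir("$root/backup", 0700, true);
file_put_contents("$root/1.txt", "canary\n");
file_put_contents("$root/backup/6946b565ba428.sql", "-- dump\n");

$tampered = '../1.txt'; // the sqlFiles value an attacker would submit

// The hardened handler refuses the traversal and the canary survives.
if (deleteBackupSafe("$root/backup", $tampered) !== false || !file_exists("$root/1.txt")) {
    throw new RuntimeException('hardened handler did not block traversal');
}
// The vulnerable handler deletes 1.txt outside the backup directory.
if (deleteBackupVulnerable("$root/backup", $tampered) !== true || file_exists("$root/1.txt")) {
    throw new RuntimeException('vulnerable handler behaved unexpectedly');
}
// A legitimate name still works through the hardened handler.
if (deleteBackupSafe("$root/backup", '6946b565ba428.sql') !== true) {
    throw new RuntimeException('hardened handler rejected a valid backup name');
}
echo "traversal blocked by the hardened handler, reproduced by the vulnerable one\n";

// Clean up the demo tree.
@unlink("$root/1.txt");
@unlink("$root/backup/6946b565ba428.sql");
rmdir("$root/backup");
rmdir($root);
```

Run it with `php` from the command line. The prefix comparison is done on the realpath() output rather than on the raw string because "$backupDir/../1.txt" contains the backup directory as a prefix yet resolves elsewhere; the basename and regex checks in front of it reject the request early and also cover the zipFiles parameter named in the VulDB entry if the same validation is applied to it.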