CVE-2025-9415

Name of the Vulnerable Software and Affected Versions: GreenCMS versions prior to 2.3.0604

Description: A vulnerability exists in GreenCMS that allows for unrestricted file upload. The issue is located in an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. Manipulation of the upload[] argument enables the unrestricted upload of files. The attack can be carried out remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations: Update GreenCMS to version 2.3.0604 or later.