Greencms · Greencms · CVE-2018-12988
**Name of the Vulnerable Software and Affected Versions**
GreenCMS version 2.3.0603
**Description**
The issue allows for an arbitrary file download via the `/index.php?m=admin&c=media&a=downfile` API endpoint.
**Recommendations**
For GreenCMS version 2.3.0603, consider restricting access to the `downfile` action in the `media` controller to minimize the risk of exploitation.