PT-2018-11517 · Greencms · Greencms

Ctfddd · Published 2018-06-29 · Updated 2018-08-20 · CVE-2018-12988

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: GreenCMS version 2.3.0603
Description: The issue allows for an arbitrary file download via the /index.php?m=admin&c=media&a=downfile API endpoint.
Recommendations: For GreenCMS version 2.3.0603, consider restricting access to the downfile action in the media controller to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-12988

Affected Products

Greencms