CVE-2022-28918

Name of the Vulnerable Software and Affected Versions GreenCMS version 2.3.0603

Description The issue allows for arbitrary file deletion. This can be achieved via the "/index.php?m=admin&c=custom&a=plugindelhandle&plugin name=" API endpoint, where the plugin name variable is utilized.

Recommendations For GreenCMS version 2.3.0603, as a temporary workaround, consider restricting access to the "/index.php?m=admin&c=custom&a=plugindelhandle&plugin name=" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.