CVE-2025-9415

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GreenCMS versions prior to 2.3.0604

Description: A vulnerability exists in GreenCMS that allows for unrestricted file upload. The issue is located in an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. Manipulation of the upload[] argument enables the unrestricted upload of files. The attack can be carried out remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations: Update GreenCMS to version 2.3.0604 or later.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-9415

Affected Products

Greencms

CVE-2025-9415

Weakness Enumeration

Related Identifiers

Affected Products

References · 10