CVE-2025-15187

Name of the Vulnerable Software and Affected Versions GreenCMS versions prior to 2.3

Description A flaw exists in GreenCMS up to version 2.3 within the File Handler component, specifically in the /DataController.class.php file. Manipulation of the sqlFiles/zipFiles argument can lead to path traversal. This issue is remotely exploitable and an exploit has been publicly released. The affected products are no longer supported by the maintainer.

Recommendations Versions prior to 2.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.