CVE-2019-25574

Name of the Vulnerable Software and Affected Versions Green CMS versions 2.x

Description The software contains a path traversal issue that allows authenticated attackers to download arbitrary files and directories. Attackers can manipulate the theme name parameter in the themeexporthandle action or provide base64-encoded file paths to the downfile action to retrieve sensitive files outside of intended directories. The API endpoint /themeexporthandle is affected, with the theme name parameter being vulnerable. The API endpoint /downfile is also affected, accepting base64-encoded file paths.

Recommendations Versions prior to 2.x should be used.