CVE-2025-15187 | GreenCMS up to 2.3 File DataController.class.php sqlFiles path traversal

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability identified as critical has been detected in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument sqlFiles results in path traversal. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is identified as CVE-2025-15187. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2025-15187 | GreenCMS up to 2.3 File DataController.class.php sqlFiles path traversal

Post correlati

CVE-2024-52437 | Saul Morales Pacheco Banner System Plugin up to 1.0.0 on WordPress missing authentication

CVE-2024-6428 | Mattermost up to 9.5.5/9.6.2/9.7.4/9.8.0 User Management access control

CVE-2024-43270 | WPBackItUp Backup and Restore WordPress Plugin up to 1.50 on WordPress authorization

CVE-2024-12774 | Altra Side Menu Plugin up to 2.0 on WordPress cross-site request forgery