Description
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories.
Published: 2026-03-21
Score: 7.1 High
EPSS: 1.8% Low
KEV: No
Impact: Confidentiality breach via arbitrary file download
Action: Patch
AI Analysis

Impact

Green CMS 2.x permits authenticated attackers to extract any file or directory by injecting directory traversal characters into the theme_name parameter or by supplying base64-encoded paths to the downfile action. This flaw allows the disclosure of sensitive files stored outside the intended directories, exposing confidential data such as configuration files or application secrets.

Affected Systems

The vulnerability affects all installations of Green CMS 2.x released by Greencms. No specific sub-versions have been identified; the flaw is recorded against the 2.x series as a whole, as named by the vendor.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate‑to‑high severity, while the EPSS score of less than 1% suggests a low probability of widespread exploitation today. The flaw is not listed in the CISA KEV catalog. Exploitation requires a valid user session, so the risk is primarily internal; an authenticated attacker can download arbitrary files, potentially leading to further compromise if privilege escalation is possible. The likely attack vector is an authenticated web session manipulating the theme export or download parameters.

Generated by OpenCVE AI on March 24, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official security patch for Green CMS 2.x.
  • If a patch is not yet available, restrict or disable the themeexporthandle and downfile actions for non‑essential users.
  • Configure firewall or WAF rules to block directory traversal patterns in the relevant URLs.
  • Monitor application logs for suspicious file download attempts.
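Two of the recommended actions above, log monitoring and traversal-pattern blocking, depend on recognizing the two request shapes this CVE describes. The following is an added example, not OpenCVE's or Green CMS's code: a Python scanner over constructed combined-format access-log lines that flags themeexporthandle requests whose theme_name escapes the theme directory (after undoing layered URL-encoding) and downfile requests whose base64-decoded value does. The URL layout (/index.php?a=<action>&...), the parameter name f, the log format and the sample paths are assumptions; the advisory does not name the downfile parameter, so every parameter of a downfile request is tried as base64.

```python
"""Flag suspected arbitrary-file-download attempts against Green CMS in access logs.

Added example for CVE-2019-25574; not Green CMS code and not produced by OpenCVE.
Assumed, not stated on the page: requests look like /index.php?a=<action>&...,
the downfile parameter is "f", and the server writes combined log format.
"""
import base64
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

SUSPECT_ACTIONS = ("themeexporthandle", "downfile")  # actions named in the advisory

# A ".." path segment with either slash style; applied after URL-decoding.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value: str) -> str:
    """Undo up to three layers of URL-encoding so %2e%2e%2f or %252e%252e... reads as ../."""
    prev, cur = None, value
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def escapes_directory(path: str) -> bool:
    """True if the path climbs with a '..' segment or is absolute (POSIX root or Windows drive)."""
    p = normalize(path).replace("\\", "/")
    return bool(TRAVERSAL_RE.search(p)) or p.startswith("/") or re.match(r"^[A-Za-z]:/", p) is not None


def decode_base64(value: str):
    """Return decoded text for well-formed base64 (standard or URL-safe alphabet), else None."""
    v = value.strip()
    if len(v) < 4 or not re.fullmatch(r"[A-Za-z0-9+/_=-]+", v):
        return None
    padded = v + "=" * (-len(v) % 4)  # tolerate stripped padding
    decoder = base64.urlsafe_b64decode if ("-" in v or "_" in v) else base64.b64decode
    try:
        return decoder(padded).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def inspect_request(target: str):
    """Return (action, reason, offending_path) for a suspect request target, else None."""
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    haystack = (parts.path + " " + " ".join(v for _, v in params)).lower()
    action = next((a for a in SUSPECT_ACTIONS if a in haystack), None)
    if action is None:
        return None
    if action == "themeexporthandle":
        for key, val in params:
            if key == "theme_name" and escapes_directory(val):
                return action, "traversal in theme_name", val
        return None
    for key, val in params:  # downfile: parameter name unknown, so try every value as base64
        if val.lower() == action:
            continue
        decoded = decode_base64(val)
        if decoded is not None and escapes_directory(decoded):
            return action, f"base64 path in '{key}' escapes directory", decoded
    return None


def scan_log(lines):
    """Return one finding dict per log line whose request matches a suspect pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = inspect_request(m["target"])
        if hit:
            action, reason, path = hit
            findings.append({"ip": m["ip"], "user": m["user"], "time": m["time"],
                             "status": m["status"], "action": action, "reason": reason, "path": path})
    return findings


def _b64_param(path: str) -> str:
    """URL-safe query value for a base64-encoded path (used only to build the sample log)."""
    return quote(base64.b64encode(path.encode()).decode(), safe="")


# Constructed sample traffic, not real logs; the file paths are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - editor [21/Mar/2026:10:00:01 +0000] "GET /index.php?a=themeexporthandle&theme_name=default HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.0.5 - editor [21/Mar/2026:10:00:07 +0000] "GET /index.php?a=themeexporthandle&theme_name=..%2F..%2F..%2Fconfig%2Fdatabase.php HTTP/1.1" 200 1822 "-" "Mozilla/5.0"',
    f'10.0.0.9 - editor [21/Mar/2026:10:01:12 +0000] "GET /index.php?a=downfile&f={_b64_param("uploads/report.pdf")} HTTP/1.1" 200 90112 "-" "Mozilla/5.0"',
    f'10.0.0.9 - editor [21/Mar/2026:10:01:30 +0000] "GET /index.php?a=downfile&f={_b64_param("../../../../etc/passwd")} HTTP/1.1" 200 2031 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [21/Mar/2026:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 7200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} user={f['user']} {f['action']}: {f['reason']} -> {f['path']}")
```

Matching ".." only as a whole path segment avoids flagging legitimate names such as my..theme, and absolute paths count as escapes because a base64 wrapper can carry them with no ".." at all. The decode-then-normalize order matters for the WAF rule too: a pattern that only looks for a literal ../ in the raw URL misses the percent-encoded and base64 variants the advisory describes.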

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:45:00 +0000

Values added (nothing removed):
  First Time appeared: Njtech; Njtech greencms
  CPEs: cpe:2.3:a:njtech:greencms:*:*:*:*:*:*:*:*
  Vendors & Products: Njtech; Njtech greencms

Mon, 23 Mar 2026 17:15:00 +0000

Values added (nothing removed):
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Values added (nothing removed):
  First Time appeared: Greencms; Greencms greencms
  Vendors & Products: Greencms; Greencms greencms

Sat, 21 Mar 2026 15:45:00 +0000

Values added (nothing removed):
  Description: Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories.
  Title: Green CMS 2.x Path Traversal Arbitrary File Download
  Weaknesses: CWE-22
  References:
  Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
           cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Greencms Greencms
Njtech Greencms
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:36:16.889Z

Reserved: 2026-03-21T15:23:41.589Z

Link: CVE-2019-25574

Vulnrichment

Updated: 2026-03-23T16:36:04.403Z

NVD

Status : Analyzed

Published: 2026-03-21T16:16:00.960

Modified: 2026-03-24T16:37:42.487

Link: CVE-2019-25574

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:09Z

Weaknesses