The vulnerability resides in GreenCMS’s themeadd function located at /index.php?m=admin&c=custom&a=themeadd and allows an attacker to upload any file type without restriction, potentially facilitating the placement of malicious code on the server. The flaw is identified with CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type). The CVSS score of 5.3 reflects a moderate severity, primarily due to the remote file upload capability and the fact that the exploit is publicly available, though the description does not explicitly state that code execution is guaranteed. The impact is that an attacker could place executable files or web shells in the upload directory, thereby gaining further foothold if the server is improperly configured to execute uploaded content.

GreenCMS versions up to 2.3 are affected. The vulnerability appears in the admin theme addition interface and is only present in releases that are no longer supported by the maintainer. No specific sub‑versions are listed beyond the general "up to 2.3" range.

The EPSS score is listed as less than 1 %, indicating that the probability of exploitation is low at present. The vulnerability is not included in the CISA KEV catalog, which suggests that active, widespread exploitation has not been reported. Nonetheless, because the attack can be launched remotely and the exploit has been made public, the risk remains for unpatched systems. Attackers would need to craft a request to the themeadd endpoint and supply a file of their choosing; if the server allows the file to be executed, further compromise could occur. The overall risk is moderate due to the lower probability of exploitation, but it warrants timely remediation to prevent a potential escalation.