CVE-2025-15187
Path Traversal in GreenCMS File Handler Allows Remote Exploit
Publication date: 2025-12-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| greencms | greencms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability allows remote attackers to perform path traversal, potentially accessing or modifying files outside the intended directory. This can lead to limited integrity and availability impacts, such as unauthorized modification of files or disruption of service. However, the vulnerability has a relatively low severity score and affects only unsupported versions of GreenCMS.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability enables attackers to delete critical server resources such as configuration files, database backups, and logs, potentially leading to data breaches, permanent data loss, and privacy violations. These impacts can result in non-compliance with regulations like GDPR and HIPAA, which require protection of personal data and system integrity. Additionally, the vulnerability can cause legal liabilities and reputational damage due to compromised data security and privacy. Therefore, exploitation of this vulnerability poses significant risks to compliance with common standards and regulations. [2, 5, 6]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and intercepting POST requests to the endpoints `index.php?m=admin&c=data&a=delsqlfiles` and `index.php?m=admin&c=data&a=delzipfiles`. Using tools like Burp Suite, you can capture and analyze these requests to check if the parameters `sqlFiles` or `zipFiles` contain path traversal sequences such as '../'. Additionally, searching for the presence of the vulnerable file `DataController.class.php` in your GreenCMS installation can help identify affected systems. Google dorking with queries like `inurl:DataController.class.php` can also help identify exposed targets. Commands to check for suspicious POST requests or logs might include using `grep` on web server logs for these endpoints or parameters. For example: `grep 'delsqlfiles' /var/log/apache2/access.log` or `grep 'delzipfiles' /var/log/apache2/access.log` to find potentially malicious requests. Also, scanning with vulnerability scanners such as AWVS or Nessus configured to test for path traversal can help detect exploitation attempts. [1, 2, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implement strict input validation to allow only predefined file IDs or filenames, disallowing full file paths and filtering out dangerous characters like '/', '\', and '..'. 2) Enforce path restrictions by resolving real paths (e.g., using PHP's realpath()) and ensuring deletion operations are confined to designated directories such as /uploads/. 3) Apply the principle of least privilege by configuring file permissions so the web service user has minimal deletion rights, avoiding write/delete permissions on critical directories. 4) Require authentication and authorization checks before allowing file deletions, preventing anonymous or unauthorized access. 5) Avoid direct system-level delete calls; if necessary, perform multiple validations and ensure paths are backend-generated, not user-controlled. 6) Enable detailed logging and auditing of deletion operations to detect anomalies. 7) Use vulnerability scanners and penetration testing to verify fixes. Since GreenCMS 2.3 is no longer supported, consider replacing it with a secure alternative. Additionally, prohibit deletion operations via GET requests and enforce POST or PUT methods with CSRF token verification. [2, 5]
Can you explain this vulnerability to me?
This vulnerability exists in GreenCMS up to version 2.3 in the File Handler component, specifically in the /DataController.class.php file. It involves manipulation of the sqlFiles/zipFiles argument, which leads to a path traversal vulnerability. This means an attacker can remotely exploit this flaw to access files or directories outside the intended scope by manipulating file paths.