CVE-2026-7044
Unrestricted File Upload in GreenCMS themeadd Function
Publication date: 2026-04-26
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| greencms | greencms | to 2.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GreenCMS up to version 2.3, specifically in the function themeadd located in the file /index.php?m=admin&c=custom&a=themeadd. It allows an attacker to perform an unrestricted upload, meaning they can upload files without proper restrictions or validation.
The attack can be launched remotely, and the exploit has been made public, increasing the risk of exploitation.
It is important to note that this vulnerability affects only products that are no longer supported by the maintainer.
How can this vulnerability impact me? :
The unrestricted upload vulnerability can allow an attacker to upload malicious files to the affected system remotely.
This could lead to unauthorized access, data compromise, or further exploitation of the system depending on the nature of the uploaded files.
Since the vulnerability is exploitable remotely and the exploit is publicly available, the risk of attack is higher.
What immediate steps should I take to mitigate this vulnerability?
Since this vulnerability affects GreenCMS up to version 2.3 and the product is no longer supported by the maintainer, immediate mitigation steps include discontinuing use of the affected software or isolating it from untrusted networks.
Additionally, restricting access to the vulnerable function (themeadd in /index.php?m=admin&c=custom&a=themeadd) and monitoring for any unauthorized uploads can help reduce risk.