CVE-2019-25574

MEDIUM 6.5

Green CMS 2.x Path Traversal Arbitrary File Download

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories.

CWE	CWE-22
Vendor	greencms
Product	green cms
Published	Mar 21, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for greencms green cms

Be the first to know when new medium vulnerabilities affecting greencms green cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Greencms / Green CMS

2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46245 greencms.net: http://www.greencms.net/ codeload.github.com: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta vulncheck.com: https://www.vulncheck.com/advisories/green-cms-2-x-path-traversal-arbitrary-file-download

Credits

Ihsan Sencan