CVE-2025-15187
GreenCMS File DataController.class.php path traversal
CVSS Score
3.8
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
| CWE | CWE-22 |
| Vendor | n/a |
| Product | greencms |
| Published | Dec 29, 2025 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a greencms
Be the first to know when new low vulnerabilities affecting n/a greencms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / GreenCMS
2.0 2.1 2.2 2.3
References
vuldb.com: https://vuldb.com/?id.338572 vuldb.com: https://vuldb.com/?ctiid.338572 vuldb.com: https://vuldb.com/?submit.721387 vuldb.com: https://vuldb.com/?submit.724836 vuldb.com: https://vuldb.com/?submit.725143 github.com: https://github.com/ueh1013/VULN/issues/4 github.com: https://github.com/ueh1013/VULN/issues/5
Credits
๐ Blackooo (VulDB User)