CVE-2025-15187

medium

Description

A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

References

https://vuldb.com/?submit.725143

https://vuldb.com/?submit.724836

https://vuldb.com/?submit.721387

https://vuldb.com/?id.338572

https://github.com/ueh1013/VULN/issues/5

https://vuldb.com/?ctiid.338572

https://github.com/ueh1013/VULN/issues/4

Details

Source: Mitre, NVD

Published: 2025-12-29

Updated: 2026-02-24

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.0005