CVE-2025-15187

3.8 LOW

📋 TL;DR

This vulnerability in GreenCMS allows remote attackers to perform path traversal by manipulating the sqlFiles or zipFiles parameters in the File Handler component, which could enable unauthorized file access. It affects only unsupported GreenCMS versions up to 2.3.

💻 Affected Systems

Products:
  • GreenCMS
Versions: up to 2.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only unsupported versions are affected. The maintainer no longer provides support for these versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attacker gains unauthorized access to sensitive files, potentially including configuration files, credentials, or system files, leading to data exposure or system compromise.

🟠 Likely Case

Attacker reads arbitrary files from the web server, potentially accessing configuration files, source code, or other sensitive data stored within the web directory.

🟢 If Mitigated

With proper file permissions and web server restrictions, impact is limited to files within the web-accessible directory structure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issues. Remote exploitation requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch is available because the product is no longer supported. Upgrade to a maintained CMS solution.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to filter path traversal sequences in sqlFiles and zipFiles parameters

Modify /DataController.class.php to sanitize user input before processing

Web Server Restrictions

all

Configure web server to restrict access to sensitive directories and files

Add appropriate .htaccess rules or nginx location blocks

🧯 If You Can't Patch

  • Implement WAF rules to block path traversal patterns in requests
  • Restrict network access to GreenCMS instance using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if GreenCMS version is 2.3 or earlier by examining version files or admin panel

Check Version:

Check GreenCMS version in configuration files or admin interface

Verify Fix Applied:

Test path traversal attempts against the /DataController.class.php endpoint with sqlFiles/zipFiles parameters

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' or similar path traversal sequences in sqlFiles/zipFiles parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP requests to /DataController.class.php with suspicious parameter values

SIEM Query:

web.url:*DataController.class.php* AND (web.param:*../* OR web.param:*..\*)
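The log indicator above, as an added example that is not GreenCMS code or part of the original advisory: a Python scan of web access logs for traversal sequences in the sqlFiles/zipFiles parameters, including percent-encoded and backslash forms that a literal '../' match misses. It assumes combined-format access logs with the parameters in the query string (POST bodies would need WAF or application logs); the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names from the advisory; PHP array syntax (sqlFiles[]) also matches.
WATCHED = re.compile(r"^(sqlFiles|zipFiles)(\[.*\])?$", re.IGNORECASE)
# A ".." path segment delimited by / or \ (or by the start/end of the value).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, documentation IP range, placeholder files
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /DataController.class.php?sqlFiles[]=backup.sql HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /DataController.class.php?sqlFiles[]=../../placeholder.txt HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2026:10:00:09 +0000] "GET /DataController.class.php?zipFiles%5B%5D=%252e%252e%255cplaceholder HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2026:10:00:12 +0000] "GET /DataController.class.php?file=../x&zipFiles=a..b.zip HTTP/1.1" 200 90',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return [(param, decoded_value)] for watched params holding a '..' segment."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if WATCHED.match(name):
            decoded = fully_decode(value)  # parse_qsl already decoded one layer
            if TRAVERSAL.search(decoded):
                hits.append((name, decoded))
    return hits


def scan(lines):
    """Yield (line_number, hits) for each access-log line with a suspicious param."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Matching on a delimited `..` segment rather than any two dots keeps ordinary file names such as `a..b.zip` from raising alerts.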
