{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25574", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T15:23:41.589Z", "datePublished": "2026-03-21T15:30:33.098Z", "dateUpdated": "2026-03-23T16:36:16.889Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T00:15:20.259Z"}, "title": "Green CMS 2.x Path Traversal Arbitrary File Download", "descriptions": [{"lang": "en", "value": "Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "affected": [{"vendor": "Greencms", "product": "Green CMS", "versions": [{"version": "2.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46245", "name": "ExploitDB-46245", "tags": ["exploit"]}, {"url": "http://www.greencms.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://codeload.github.com/GreenCMS/GreenCMS/zip/beta", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Green CMS 2.x Path Traversal Arbitrary File Download", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/green-cms-2-x-path-traversal-arbitrary-file-download"}], "credits": [{"lang": "en", "value": "Ihsan Sencan", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-01-25T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:35:57.486027Z", "id": "CVE-2019-25574", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:36:16.889Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25574", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:35:57.486027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:36:04.403Z"}}], "cna": {"title": "Green CMS 2.x Path Traversal Arbitrary File Download", "credits": [{"lang": "en", "type": "finder", "value": "Ihsan Sencan"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Greencms", "product": "Green CMS", "versions": [{"status": "affected", "version": "2.0"}]}], "datePublic": "2019-01-25T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46245", "name": "ExploitDB-46245", "tags": ["exploit"]}, {"url": "http://www.greencms.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://codeload.github.com/GreenCMS/GreenCMS/zip/beta", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/green-cms-2-x-path-traversal-arbitrary-file-download", "name": "VulnCheck Advisory: Green CMS 2.x Path Traversal Arbitrary File Download", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T00:15:20.259Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25574", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:36:16.889Z", "dateReserved": "2026-03-21T15:23:41.589Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T15:30:33.098Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:njtech:greencms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9F05D4C-EAD2-4BE9-8C3B-6AC77BA24DE2", "versionEndIncluding": "2.3.0603", "versionStartIncluding": "2.1.0612", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories."}, {"lang": "es", "value": "Green CMS 2.x contiene una vulnerabilidad de salto de ruta que permite a atacantes autenticados descargar archivos y directorios arbitrarios inyectando secuencias de salto de directorio. Los atacantes pueden manipular el par\u00e1metro theme_name en la acci\u00f3n themeexporthandle o proporcionar rutas de archivo codificadas en base64 a la acci\u00f3n downfile para recuperar archivos sensibles fuera de los directorios previstos."}], "id": "CVE-2019-25574", "lastModified": "2026-03-24T16:37:42.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T16:16:00.960", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "http://www.greencms.net/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://codeload.github.com/GreenCMS/GreenCMS/zip/beta"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46245"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/green-cms-2-x-path-traversal-arbitrary-file-download"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.0,2.0]"}}], "enrichment": {"confidence": 97.0, "confidence_source": "matching", "scores": [{"score": 97.0, "source": "matching"}]}, "original": {"product": "Green CMS", "source": "cna", "vendor": "Greencms"}, "product": "greencms", "vendor": "greencms"}], "analysis": {"en": {"generated_at": "2026-03-24T17:26:34.131733+00:00", "value": {"mitigation_remediation": ["Apply the latest official security patch for Green CMS 2.x.", "If a patch is not yet available, restrict or disable the themeexporthandle and downfile actions for non\u2011essential users.", "Configure firewall or WAF rules to block directory traversal patterns in the relevant URLs.", "Monitor application logs for suspicious file download attempts."], "summary": {"action": "Patch", "impact": "Confidentiality breach via arbitrary file download"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of Green CMS 2.x released by Greencms. No specific sub\u2011versions have been identified, but the flaw exists in the 2.x series identified by the vendor.", "description_and_impact": "Green CMS 2.x permits authenticated attackers to extract any file or directory by injecting directory traversal characters into the theme_name parameter or by supplying base64-encoded paths to the downfile action. This flaw allows the disclosure of sensitive files stored outside the intended directories, exposing confidential data such as configuration files or application secrets.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a moderate\u2011to\u2011high severity, while the EPSS score of less than 1% suggests a low probability of widespread exploitation today. The flaw is not listed in the CISA KEV catalog. Exploitation requires a valid user session, so the risk is primarily internal; an authenticated attacker can download arbitrary files, potentially leading to further compromise if privilege escalation is possible. The likely attack vector is an authenticated web session manipulating the theme export or download parameters."}}}}, "created": "2026-03-23T09:49:06.293285+00:00", "updated": "2026-03-25T14:47:09.090191+00:00", "vendors": ["greencms", "greencms$PRODUCT$greencms"]}