CVE-2019-25573

Sažetak

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat parameter to manipulate database queries and extract sensitive information.

Reference

http://www.greencms.net/
https://codeload.github.com/GreenCMS/GreenCMS/zip/beta
https://www.exploit-db.com/exploits/46244
https://www.vulncheck.com/advisories/green-cms-2-x-sql-injection-via-cat-parameter

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

21-03-2026 - 16:16

Objavljeno

21-03-2026 - 16:16