Njtech Greencms
11 CVEs affecting Njtech Greencms. Latest disclosed: 2026-03-21. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-11671 | High | 8.8 | 2018-06-01 | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. |
CVE-2018-11670 | High | 8.8 | 2018-06-01 | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to i… |
CVE-2022-28918 | High | 8.1 | 2022-04-26 | GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. |
CVE-2020-21366 | High | 8.0 | 2023-06-20 | Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. |
CVE-2018-12604 | High | 7.5 | 2018-06-20 | GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. |
CVE-2019-25573 | High | 7.1 | 2026-03-21 | Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through… |
CVE-2019-25574 | Medium | 6.5 | 2026-03-21 | Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory tr… |
CVE-2025-9415 | Medium | 6.3 | 2025-08-25 | A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation… |
CVE-2024-22570 | Medium | 5.4 | 2024-01-29 | A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts… |
CVE-2025-15187 | Low | 3.8 | 2025-12-29 | A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a… |
CVE-2025-14244 | Low | 2.4 | 2025-12-08 | A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of th… |