Every CVE whose affected-product data names Njtech Greencms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2018-11670 — CVSS 8.8 (high): An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the…
CVE-2018-11671 — CVSS 8.8 (high): An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=…
CVE-2022-28918 — CVSS 8.1 (high): GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plug…
CVE-2020-21366 — CVSS 8.0 (high): Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.
CVE-2018-12604 — CVSS 7.5 (high): GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.
CVE-2019-25573 — CVSS 7.1 (high): Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting…
CVE-2019-25574 — CVSS 6.5 (medium): Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by…
CVE-2025-9415 — CVSS 6.3 (medium): A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect…
CVE-2024-22570 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute…
CVE-2025-15187 — CVSS 3.8 (low): A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File…
CVE-2025-14244 — CVSS 2.4 (low): A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomControl…