Green CMS SQL Injection Vulnerability in Version 2.x

Vulnerability

A SQL injection vulnerability has been identified in Green CMS versions 2.x. This issue allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code into the 'cat' parameter. Exploitation involves sending GET requests to 'index.php' with specific parameters that include the injected SQL. This vulnerability could be used to manipulate database queries and extract sensitive information.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a GET request to 'index.php' with the 'm=admin', 'c=posts', and 'a=index' parameters. Inject SQL code into the 'cat' parameter to execute arbitrary SQL queries on the database.
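A detection check for the request shape described above, added here as an example and not taken from the advisory or from Green CMS code: it scans web access log lines for GET requests to 'index.php' with 'm=admin', 'c=posts' and 'a=index', and flags any whose decoded 'cat' value is not a plain integer. The combined log format, the sample lines, and the idea that a legitimate 'cat' is a numeric category ID (or empty) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route parameters named in the advisory's reproduction section.
ROUTE = {"m": "admin", "c": "posts", "a": "index"}

# Matches the quoted request part of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2026:16:01:02 +0000] "GET /index.php?m=admin&c=posts&a=index&cat=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Mar/2026:16:01:09 +0000] "GET /index.php?m=admin&c=posts&a=index&cat=3%27 HTTP/1.1" 500 312',
    '198.51.100.4 - - [21/Mar/2026:16:02:30 +0000] "GET /index.php?m=home&c=posts&a=index&cat=abc HTTP/1.1" 200 2048',
]


def suspicious_cat(line):
    """Return the decoded 'cat' value if the line hits the advisory's route
    with a non-integer 'cat'; otherwise return None."""
    match = REQUEST_RE.search(line)
    if not match or match.group("method") != "GET":
        return None
    url = urlsplit(match.group("target"))
    if not url.path.endswith("index.php"):
        return None
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
    params = parse_qs(url.query, keep_blank_values=True)
    if any(params.get(key, [""])[-1] != want for key, want in ROUTE.items()):
        return None
    for value in params.get("cat", []):
        # Assumption: a legitimate 'cat' is empty or a decimal category ID.
        if not re.fullmatch(r"\d{0,10}", value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_cat) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_cat(line)) is not None]


if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric cat={value!r}")
```

Because the advisory states the issue requires authentication, hits from this check are worth correlating with the admin session or account that issued the request.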

Added: Mar 21, 2026, 4:23 PM
Updated: Mar 21, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.1
exploitability: 6.8
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.