GreenCMS Unrestricted File Upload Vulnerability in Custom Plugin Management

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in GreenCMS versions through 2.3. The issue arises in the 'pluginAddLocal' function within 'index.php?m=admin&c=custom&a=pluginadd'. This vulnerability allows attackers to upload compressed files containing web shells, which are then decompressed into the website's root directory. Once the web shell is in place, it can be used to gain remote access to the server, potentially leading to data breaches, server manipulation, and other significant security risks.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to upload malicious scripts or web shells that are executed on the server. This could lead to unauthorized access and control over the server, allowing for data theft, manipulation of website content, or use of the server's resources for malicious activities such as cryptocurrency mining or launching DDoS attacks.

Reproduction

To reproduce this vulnerability, access the GreenCMS admin panel and navigate to the 'Custom' section. Use the 'Plugin Add' feature to upload a compressed file containing a web shell. Once uploaded, the web shell can be accessed and executed, providing a means to control the server remotely.

Remediation

No specific mitigation measures are known, but it is generally recommended to upgrade to a supported version of GreenCMS.
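
The following is an added example, not code from GreenCMS or from this advisory: a pre-extraction audit that lists the entries of an uploaded plugin archive and flags any that would land outside the intended plugin directory or that a PHP-serving web server may execute. The target directory "plugins/demo", the suffix list, and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

# Assumption: file types a PHP-serving web server may execute or obey.
EXEC_SUFFIXES = {"php", "php5", "phtml", "phar", "htaccess"}

def audit_plugin_zip(data, plugin_dir="plugins/demo"):
    """Inspect an uploaded plugin archive without extracting it.

    plugin_dir is a hypothetical extraction target relative to the web root.
    Returns a list of (entry_name, reason) findings; empty means no findings.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            # Resolve where the entry would land if extracted under plugin_dir.
            dest = posixpath.normpath(posixpath.join(plugin_dir, name))
            if not (dest + "/").startswith(plugin_dir.rstrip("/") + "/"):
                findings.append((info.filename, "escapes plugin directory"))
            # Symlink entries can redirect later writes elsewhere.
            if stat.S_ISLNK(info.external_attr >> 16):
                findings.append((info.filename, "symlink entry"))
            # Check every dot-separated suffix so logo.php.jpg is caught too.
            base = posixpath.basename(name.rstrip("/")).lower()
            if any(part.strip() in EXEC_SUFFIXES for part in base.split(".")[1:]):
                findings.append((info.filename, "server-executable file type"))
    return findings

def build_sample():
    """Constructed sample archive: one benign entry and three suspicious ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "placeholder")
        zf.writestr("../../shell.php", "placeholder")
        zf.writestr("img/logo.php.jpg", "placeholder")
        zf.writestr(".htaccess", "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reason in audit_plugin_zip(build_sample()):
        print(f"{entry}: {reason}")
```

An archive with any finding should be rejected or held for review rather than extracted; where plugins must ship PHP, extract them to a directory the web server does not serve directly.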

Added: Apr 26, 2026, 10:29 PM
Updated: Apr 26, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.