GreenCMS Unrestricted File Upload Vulnerability in Theme Addition Feature

Vulnerability

An unrestricted file upload vulnerability has been identified in GreenCMS versions up to and including 2.3. The issue lies in the theme addition feature of the admin panel, reached via 'index.php?m=admin&c=custom&a=themeadd', where the uploaded archive and its contents are neither validated nor filtered. An attacker with access to that admin function can upload a compressed file containing a web shell; the application automatically decompresses the archive into the website's root directory, so the shell becomes reachable over HTTP. Once the web shell is in place, a shell management tool such as Godzilla can be used to take control of the server, exposing it to data breaches and further malicious activity.

Impact

Exploitation of this vulnerability allows arbitrary files to be written into the web root, including malicious scripts and web shells that the server will execute. This gives the attacker unauthorized access to and control over the server, from which they can steal data, manipulate website content, or disrupt services. The same foothold can be used to delete files or deploy cryptocurrency mining software that exhausts server resources.

Reproduction

To reproduce this vulnerability, log in to the GreenCMS admin panel and navigate to the theme addition feature (the 'themeadd' action above). Upload a compressed file that contains a web shell. The archive is decompressed into the website's root directory without any check on its contents, after which the web shell can be requested and executed through the web server. Note that the affected feature sits behind the admin panel, so exploitation requires admin access, whether legitimate, obtained through weak credentials, or gained via another flaw.
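The check that the themeadd handler lacks, as an added example that is not GreenCMS code: before an uploaded theme archive is unpacked, every entry is vetted for path traversal (zip-slip), symlinks, disallowed extensions (including double extensions such as shell.php.jpg), server configuration files such as .htaccess, and PHP code hidden behind an innocent extension. The allow-list of extensions, the size limits and the sample archives are assumptions made for this example; the second archive is constructed to mirror the upload described in this advisory.

```python
"""Vet a theme archive before it is unpacked into a web-served directory.

Added example, not GreenCMS code. It models the validation missing from the
themeadd handler: every entry must be a regular file with an allow-listed
extension, must stay inside the target directory, and must not contain PHP
code regardless of its name.
"""
import io
import posixpath
import re
import zipfile

# Assumption: a theme only needs static assets and templates. '.php' is
# deliberately absent; if the theme format requires PHP templates, they need
# a separate, much stricter review path rather than a blanket allow.
ALLOWED_EXTENSIONS = {".html", ".htm", ".css", ".js", ".png", ".jpg", ".jpeg",
                      ".gif", ".svg", ".woff", ".woff2", ".ttf", ".json", ".txt"}
# Files that change how the web server treats the directory must never land there.
FORBIDDEN_NAMES = {".htaccess", ".user.ini", "web.config"}
# Catches shells such as cover.jpg containing "<?php" (short "<?" tags are not covered).
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
MAX_ENTRY_SIZE = 5 * 1024 * 1024   # 5 MiB per file (assumed limit)
MAX_ENTRIES = 2000                 # assumed limit


def _is_symlink(info: zipfile.ZipInfo) -> bool:
    # Unix mode lives in the high 16 bits of external_attr; 0o120000 is S_IFLNK.
    return (info.external_attr >> 16) & 0o170000 == 0o120000


def vet_theme_archive(data: bytes) -> list:
    """Return the list of reasons to reject the archive; an empty list means it is acceptable."""
    problems = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            return ["too many entries (%d)" % len(infos)]
        for info in infos:
            name = info.filename
            norm = posixpath.normpath(name)
            # Zip-slip: absolute paths, drive letters or '..' segments escape the theme directory.
            if name.startswith("/") or "\\" in name or ":" in name \
                    or norm == ".." or norm.startswith("../"):
                problems.append("%s: path escapes target directory" % name)
                continue
            if _is_symlink(info):
                problems.append("%s: symlinks not allowed" % name)
                continue
            if info.is_dir():
                continue
            base = posixpath.basename(norm)
            if base.lower() in FORBIDDEN_NAMES:
                problems.append("%s: server configuration file not allowed" % name)
                continue
            # Every suffix must be allowed, so shell.php.jpg is rejected, not just shell.php.
            exts = {"." + p for p in base.lower().split(".")[1:]}
            if not exts or not exts <= ALLOWED_EXTENSIONS:
                problems.append("%s: extension not in allow-list" % name)
                continue
            if info.file_size > MAX_ENTRY_SIZE:
                problems.append("%s: entry too large (%d bytes)" % (name, info.file_size))
                continue
            with zf.open(info) as fh:
                content = fh.read(MAX_ENTRY_SIZE + 1)
            if PHP_TAG.search(content):
                problems.append("%s: contains PHP code" % name)
    return problems


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only for constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: a benign theme.
CLEAN_THEME = build_zip({
    "mytheme/index.html": b"<html><body>{{content}}</body></html>",
    "mytheme/style.css": b"body{margin:0}",
    "mytheme/logo.png": b"\x89PNG\r\n\x1a\n...",
})

# Constructed sample mirroring the advisory: a web shell in the archive, a shell behind
# an image extension, a zip-slip entry, and an .htaccess that would make .jpg executable.
MALICIOUS_THEME = build_zip({
    "mytheme/index.html": b"<html></html>",
    "mytheme/shell.php": b"<?php @eval($_POST['pass']); ?>",
    "mytheme/cover.jpg": b"\xff\xd8\xff<?php system($_GET['c']); ?>",
    "../../shell.php": b"<?php echo 1; ?>",
    "mytheme/.htaccess": b"AddType application/x-httpd-php .jpg",
})

if __name__ == "__main__":
    for label, archive in (("clean", CLEAN_THEME), ("malicious", MALICIOUS_THEME)):
        print(label, vet_theme_archive(archive) or "accepted")
```

Rejecting the whole archive on the first problem is the safe default; the function collects all problems only so that the reviewer sees every reason. Even with this check in place, the extraction target should be a directory the web server does not execute scripts from, and files should be extracted entry by entry to a path rebuilt from the validated name rather than with a blanket extract-all call.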

Added: Apr 26, 2026, 10:27 PM
Updated: Apr 26, 2026, 10:27 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 6.8
remediation: 7.7
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.