关键漏洞信息 Title: GreenCMS V2.3 Arbitrary File Removal Description: GreenCMS v2.3 contains a critical vulnerability enabling arbitrary file deletion. The flaw stems from the file's parameter failing to rigorously validate user-input file paths. Attackers can intercept POST requests targeting the page using Burp Suite, then tamper with the parameter to force cross-directory path manipulation. By creating a test.txt file in the parent directory of and submitting the modified data packet, attackers can bypass backend filtering to delete files across directories. This vulnerability allows malicious actors to delete critical resources like configuration files and database backups, potentially causing website downtime, data breaches, and other severe consequences with extensive impact. Source:  User: Blackoo (UID 93743) Submission Date: 12/26/2025 09:20 AM (8 days ago) Moderation Date: 12/28/2025 11:24 AM (2 days later) Status: Duplicate VulDB Entry:  [GreenCMS up to 2.3 File DATAController.class.php sqlFiles/zipFiles path traversal] Points: 0