Critical Vulnerability Information Title: GreenCMS V2.3 Arbitrary File Removal Description: GreenCMS v2.3 contains a critical vulnerability that allows arbitrary file deletion. The flaw arises from the file's parameter, which does not rigorously validate user-supplied file paths. Attackers can intercept POST requests targeting the page using Burp Suite, then modify the parameter to perform cross-directory path traversal. By creating a test.txt file in the parent directory of and submitting the altered request, attackers can bypass backend filtering and delete files across directories. This vulnerability enables malicious actors to remove critical resources such as configuration files and database backups, potentially leading to website downtime, data breaches, and other severe consequences with widespread impact. Source:  User: Blackoo (UID 93743) Submission Date: 12/26/2025 09:20 AM (8 days ago) Moderation Date: 12/28/2025 11:24 AM (2 days later) Status: Duplicate VulDB Entry:  [GreenCMS up to 2.3 File DATAController.class.php sqlFiles/zipFiles path traversal] Points: 0