CVE-2019-25573

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat parameter to manipulate database queries and extract sensitive information.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.greencms.net/	Broken Link
https://codeload.github.com/GreenCMS/GreenCMS/zip/beta	Product
https://www.exploit-db.com/exploits/46244	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/green-cms-2-x-sql-injection-via-cat-parameter	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:njtech:greencms:*:*:*:*:*:*:*:*

History

24 Mar 2026, 16:39

Type	Values Removed	Values Added
First Time		Njtech Njtech greencms
Summary		(es) Green CMS 2.x contiene una vulnerabilidad de inyección SQL que permite a atacantes autenticados ejecutar consultas SQL arbitrarias inyectando código malicioso a través del parámetro cat. Los atacantes pueden enviar solicitudes GET a index.php con los parámetros m=admin, c=posts, a=index e inyectar código SQL en el parámetro cat para manipular consultas de base de datos y extraer información sensible.
References	~~() http://www.greencms.net/ -~~	() http://www.greencms.net/ - Broken Link
References	~~() https://codeload.github.com/GreenCMS/GreenCMS/zip/beta -~~	() https://codeload.github.com/GreenCMS/GreenCMS/zip/beta - Product
References	~~() https://www.exploit-db.com/exploits/46244 -~~	() https://www.exploit-db.com/exploits/46244 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/green-cms-2-x-sql-injection-via-cat-parameter -~~	() https://www.vulncheck.com/advisories/green-cms-2-x-sql-injection-via-cat-parameter - Third Party Advisory
CPE		cpe:2.3:a:njtech:greencms::::::::

21 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 16:16

Updated : 2026-03-24 16:39

NVD link : CVE-2019-25573

Mitre link : CVE-2019-25573

CVE.ORG link : CVE-2019-25573

JSON object : View

Products Affected

njtech

greencms

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.1 /10