📄 Description (English)
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat parameter to manipulate database queries and extract sensitive information.
🤖 AI Executive Summary
Green CMS 2.x contains an authenticated SQL injection vulnerability in the cat parameter that allows attackers to execute arbitrary SQL queries and extract sensitive data. With CVSS 7.1 and public exploits available, this poses a significant risk to organizations using this CMS for content management. The lack of available patches makes immediate mitigation through compensating controls critical for affected Saudi organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 9, 2026 19:36
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi government agencies, educational institutions, and small-to-medium enterprises using Green CMS for website management. Government entities under NCA oversight and ARAMCO subsidiary websites are at elevated risk. Healthcare organizations using this CMS for patient information portals face potential HIPAA-equivalent compliance violations. The authenticated nature reduces immediate risk but insider threats and compromised admin accounts could lead to database exfiltration of customer data, financial records, and confidential government information.
🏢 Affected Saudi Sectors
Government
Education
Healthcare
Small-to-Medium Enterprises
Media and Publishing
Non-profit Organizations
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Green CMS 2.x installations in your environment and document their criticality
2. Restrict administrative access to Green CMS to trusted networks only using firewall rules
3. Implement Web Application Firewall (WAF) rules to block SQL injection patterns in the cat parameter
4. Monitor database query logs for suspicious SQL patterns and unauthorized data access
5. Enforce strong authentication (MFA) for all CMS admin accounts
COMPENSATING CONTROLS:
6. Apply input validation and parameterized queries at the application level if source code access available
7. Implement database activity monitoring (DAM) to detect anomalous queries
8. Use database user accounts with minimal privileges for CMS operations
9. Enable SQL query logging and audit trails
10. Conduct immediate security assessment of database backups for unauthorized access
DETECTION RULES:
- Monitor GET requests to index.php with parameters m=admin&c=posts&a=index containing SQL keywords (UNION, SELECT, DROP, INSERT) in cat parameter
- Alert on database connections executing queries from CMS service accounts outside normal patterns
- Track failed authentication attempts followed by successful admin logins
LONG-TERM:
11. Plan migration to actively maintained CMS platforms (WordPress with security plugins, Joomla, Drupal)
12. Conduct code review if internal modifications possible to patch SQL injection
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع تثبيتات Green CMS 2.x في بيئتك وقثق أهميتها
2. قيد الوصول الإداري إلى Green CMS للشبكات الموثوقة فقط باستخدام قواعد جدار الحماية
3. طبق قواعد جدار تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معامل cat
4. راقب سجلات استعلامات قاعدة البيانات للأنماط المريبة والوصول غير المصرح به
5. فرض المصادقة القوية (MFA) لجميع حسابات مسؤولي CMS
الضوابط البديلة:
6. طبق التحقق من صحة الإدخال والاستعلامات المعاملة على مستوى التطبيق
7. طبق مراقبة نشاط قاعدة البيانات (DAM) للكشف عن الاستعلامات الشاذة
8. استخدم حسابات مستخدمي قاعدة البيانات بأقل صلاحيات للعمليات
9. فعّل تسجيل استعلامات SQL ومسارات التدقيق
10. أجرِ تقييماً أمنياً فورياً لنسخ احتياطية من قاعدة البيانات للوصول غير المصرح به
قواعد الكشف:
- راقب طلبات GET إلى index.php تحتوي على كلمات SQL في معامل cat
- أصدر تنبيهات عند اتصالات قاعدة البيانات التي تنفذ استعلامات غير عادية
- تتبع محاولات المصادقة الفاشلة متبوعة بعمليات تسجيل دخول إدارية ناجحة
المدى الطويل:
11. خطط للهجرة إلى منصات CMS مدعومة بنشاط
12. أجرِ مراجعة الكود إذا كانت التعديلات الداخلية ممكنة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.14.2.1 - Secure development policy and procedures
A.14.2.5 - Secure development environment
A.12.6.1 - Management of technical vulnerabilities
A.12.2.1 - Monitoring of system use
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.AC-1 - Access control and authentication
DE.CM-1 - Detection and monitoring of unauthorized access
RS.MI-1 - Incident response and mitigation
🟡 ISO 27001:2022
A.12.2.1 - Change management procedures
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.13.1.1 - Information transfer policies and procedures
🟣 PCI DSS v4.0.1
6.2 - Security patches and updates
6.5.1 - Injection flaws prevention
10.2 - Logging and monitoring of access
🔗 References & Sources 4
🔗
http://www.greencms.net/
disclosure@vulncheck.com
Broken Link
🔗
https://codeload.github.com/GreenCMS/GreenCMS/zip/beta
disclosure@vulncheck.com
Product
🔗
https://www.exploit-db.com/exploits/46244
disclosure@vulncheck.com
Exploit
Third Party Advisory
VDB Entry
🔗
https://www.vulncheck.com/advisories/green-cms-2-x-sql-injection-via-cat-parameter
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
njtech:greencms