CVE-2018-25393

Navigate CMS 2.8.5 Path Traversal via navigate_download.php

CVSS 7.1 HIGHEPSS 0.6%CWE-22

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Navigatecms · Navigate CMS

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45615unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip https://www.exploit-db.com/exploits/45615 https://www.navigatecms.com/https://www.vulncheck.com/advisories/navigate-cms-path-traversal-via-navigate-download-php