NavigateCMS

5 exploits Active since Jun 2020
CVE-2020-13795 WRITEUP MEDIUM WRITEUP
Navigate CMS < 2.8.7 - Path Traversal via Template Class
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
CVSS 5.3
CVE-2020-13796 WRITEUP MEDIUM WRITEUP
Navigate CMS < 2.8.7 - Cross-Site Scripting in structure.class.php
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
CVSS 6.1
CVE-2020-13797 WRITEUP MEDIUM WRITEUP
Navigate CMS < 2.8.7 - Cross-Site Scripting in Website Class
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
CVSS 6.1
CVE-2020-13798 WRITEUP MEDIUM WRITEUP
Navigate CMS < 2.8.7 - Cross-Site Scripting in Feed Class
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
CVSS 6.1
CVE-2020-14067 WRITEUP CRITICAL WRITEUP
Naviwebs Navigatecms - Unrestricted File Upload
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
CVSS 9.8