CVE-2022-28117

MEDIUM NUCLEI

Navigate CMS 2.9.4 - Server-Side Request Forgery via Feed Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-28117. PoCs published by cheshireca7, kimstars. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an authenticated SSRF vulnerability in Navigate CMS 2.9.4 and earlier. It authenticates as a user, then abuses the cache feature to retrieve responses from arbitrary URLs, including local files.

Description

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

Exploits (3)

exploitdb WORKING POC

by cheshireca7 · pythonwebappsphp

https://www.exploit-db.com/exploits/50921

View Code ZIP pw:eip

This exploit demonstrates an authenticated SSRF vulnerability in Navigate CMS 2.9.4 and earlier. It authenticates as a user, then abuses the cache feature to retrieve responses from arbitrary URLs, including local files.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Navigate CMS <= 2.9.4

Auth required

Prerequisites: Valid credentials for Navigate CMS · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by cheshireca7 · poc

https://github.com/cheshireca7/CVE-2022-28117

View Code ZIP pw:eip

This PoC exploits an authenticated SSRF vulnerability in Navigate CMS <= 2.9.4 by abusing the feed_parser class to force arbitrary requests. It includes authentication handling and response retrieval via cached files.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Navigate CMS <= 2.9.4

Auth required

Prerequisites: Valid credentials for Navigate CMS · Access to the target's login page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by kimstars · poc

https://github.com/kimstars/POC-CVE-2022-28117

View Code ZIP pw:eip

This PoC exploits an authenticated SSRF vulnerability in Navigate CMS 2.9.4 and earlier by abusing the cache feature to retrieve responses from internal resources. It includes login functionality and leverages the SSRF to fetch content from specified URLs (default: file:///etc/passwd).

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Navigate CMS <= 2.9.4

Auth required

Prerequisites: Valid credentials for Navigate CMS · Access to the login page · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Navigate CMS 2.9.4 - Server-Side Request Forgery

MEDIUMVERIFIEDby theabhinavgaur

References (3)

Core 3

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5

Exploit, Third Party Advisory x_refsource_misc

https://www.youtube.com/watch?v=4kHW95CMfD0

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167063/Navigate-CMS-2.9.4-Server-Side-Request-Forgery.html

Scores

CVSS v3 4.9

EPSS 0.2067

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-918

Status published

Products (1)

naviwebs/navigate_cms 2.9.4

Published Apr 28, 2022

Tracked Since Feb 18, 2026