← Back

Navigate Cms

navigate_cms

Vendor: Naviwebs • 22 CVEs

CVEs (22)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-17553
1Naviwebs
1Navigate Cms
Nov 21, 2024
Oct 3, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request w...Show more
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.Show less
CVE-2018-17552
1Naviwebs
1Navigate Cms
Nov 21, 2024
Oct 3, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.