Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
naviwebs navigate cms 2.8 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-14014
An issue exists in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
Naviwebs Navigate Cms 2.8
Naviwebs Navigate Cms 2.9
757
VMScore
CVE-2018-17552
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote malicious users to bypass authentication via the navigate-user cookie.
Naviwebs Navigate Cms 2.8
1 EDB exploit
6 Github repositories
656
VMScore
CVE-2018-17553
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated malicious users to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_i...
Naviwebs Navigate Cms 2.8
1 EDB exploit
4 Github repositories
312
VMScore
CVE-2018-17849
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
Naviwebs Navigate Cms 2.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started