7.5
CVSSv2

CVE-2018-17552

Published: 03/10/2018 Updated: 19/11/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 795
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote malicious users to bypass authentication via the navigate-user cookie.

Vulnerability Trend

Affected Products

Vendor Product Versions
NaviwebsNavigate Cms2.8

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Navigate CMS Un ...

Metasploit Modules

Navigate CMS Unauthenticated Remote Code Execution

This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vulnerabilities allow an unauthenticated attacker to execute arbitrary PHP code remotely. This module was tested against Navigate CMS 2.8.

msf > use exploit/multi/http/navigate_cms_rce
      msf exploit(navigate_cms_rce) > show targets
            ...targets...
      msf exploit(navigate_cms_rce) > set TARGET <target-id>
      msf exploit(navigate_cms_rce) > show options
            ...show and set options...
      msf exploit(navigate_cms_rce) > exploit