Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-17553

Published: 03/10/2018 Updated: 19/11/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Naviwebs

Vulnerability Summary

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated malicious users to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

naviwebs navigate cms 2.8

Exploits

Exploit DB: Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Navigate CMS Un ...

Github Repositories

https://github.com/0x4r2/Navigate-CMS-RCE-Unauthenticated-

This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8

Navigate-CMS-RCE -Unauthenticated- This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 28 This script exploits: CVE 2018-17552 # Authentication bypass CVE 2018-17553 # File upload Use Mode wget rawgithubusercontentcom/0x4r2/Navigate-CMS-RCE-Unauthenticated-/main/navigate_RCEsh /navigate_RCEsh navigatorhm

https://github.com/albertor02/Navigate-CMS-RCE-Unauthenticated-

This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8

Navigate-CMS-RCE -Unauthenticated- This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 28 This script exploits: CVE 2018-17552 # Authentication bypass CVE 2018-17553 # File upload Use Mode wget rawgithubusercontentcom/0x4r2/Navigate-CMS-RCE-Unauthenticated-/main/navigate_RCEsh /navigate_RCEsh navigatorhm

https://github.com/MidwintersTomb/CVE-2018-17553

CVE-2018-17553 PoC

CVE-2018-17553 CVE-2018-17553 PoC (Navigate CMS version 28 and prior) This proof of concept was put together when working on the Black Pearl box from TCM I couldn't find anyone that put out a PoC other than just using Metasploit As I'm avoiding Metasploit in my hacking journey to then go back and do everything all over again with it, I whipped this together quick

References

CWE-22CWE-434https://github.com/rapid7/metasploit-framework/pull/10704https://github.com/NavigateCMS/Navigate-CMS/commit/2bdcb8b3c5bb23851a2115db96585f1ac8cb2d1ehttps://www.exploit-db.com/exploits/45561/https://nvd.nist.govhttps://github.com/0x4r2/Navigate-CMS-RCE-Unauthenticated-https://www.exploit-db.com/exploits/45561/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-47626CVE-2024-3400physicalCVE-2024-31426CVE-2024-22423CVE-2024-22438injectlocal usersCVE-2024-3797
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook