Published: 03/06/2020 Updated: 04/06/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in Navigate CMS up to and including 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.

Vulnerability Trend

Affected Products

Vendor Product Versions
NaviwebsNavigate Cms2.8.7

Mailing Lists

Navigate CMS version 287 suffers from an authenticated directory traversal vulnerability ...