CVE-2018-17553

Name of the Vulnerable Software and Affected Versions Naviwebs Navigate CMS version 2.8

Description The issue concerns an "Unrestricted Upload of File with Dangerous Type" with directory traversal in navigate upload.php, allowing authenticated attackers to achieve remote code execution. This is done via a POST request with engine set to 'picnik' and id set to '../../../navigate info.php', which enables directory traversal.

Recommendations For Naviwebs Navigate CMS version 2.8, consider restricting access to the navigate upload.php file to prevent unauthorized uploads and directory traversal attacks. As a temporary workaround, restrict the engine parameter to prevent it from being set to 'picnik' and limit the id parameter to prevent directory traversal.