PT-2018-14052 · Naviwebs · Naviwebs Navigate Cms

Pyriphlegethon

Published

2018-10-03

Updated

2018-11-19

CVE-2018-17553

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Naviwebs Navigate CMS version 2.8

Description The issue concerns an "Unrestricted Upload of File with Dangerous Type" with directory traversal in navigate upload.php, allowing authenticated attackers to achieve remote code execution. This is done via a POST request with engine set to 'picnik' and id set to '../../../navigate info.php', which enables directory traversal.

Recommendations For Naviwebs Navigate CMS version 2.8, consider restricting access to the navigate upload.php file to prevent unauthorized uploads and directory traversal attacks. As a temporary workaround, restrict the engine parameter to prevent it from being set to 'picnik' and limit the id parameter to prevent directory traversal.

Exploit

Fix

Unrestricted File Upload

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-22

Related Identifiers

CVE-2018-17553

Affected Products

Naviwebs Navigate Cms

PT-2018-14052 · Naviwebs · Naviwebs Navigate Cms

CVE-2018-17553

Weakness Enumeration

Related Identifiers

Affected Products

References · 6