CVE-2021-44351

Name of the Vulnerable Software and Affected Versions NavigateCMS version 2.9

Description An arbitrary file read issue exists via the "/navigate/navigate download.php" id parameter. This allows for unauthorized access to files.

Recommendations For NavigateCMS version 2.9, as a temporary workaround, consider restricting access to the "/navigate/navigate download.php" endpoint until a patch is available. Avoid using the id parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.