CVE-2020-37054

Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7

Description Navigate CMS 2.8.7 is susceptible to a cross-site request forgery condition. This allows attackers to upload malicious extensions through a specially crafted HTML page. An attacker can deceive authenticated administrators into performing arbitrary file uploads by exploiting the extension upload functionality, which lacks sufficient validation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.