6 matches found
Navigate CMS - Unauthenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
Navigate CMS - (Unauthenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
CVE-2018-17552
creationtimestamp| type| source ---|---|--- 2018-10-04 11:53:58+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/navigatecmsrce.rb 2018-10-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45561 2023-12-29 08:24:20+00:00| seen|...
CVE-2018-17552
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie...
CVE-2018-17552
Navigate CMS 2.8 is affected by multiple vulnerabilities described across connected sources. The core CVE-2018-17552 issue is a SQL Injection in login.php that allows bypassing authentication via the navigate-user cookie. Additionally, related sources describe an unauthenticated remote code execu...
Navigate CMS Unauthenticated Remote Code Execution
This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigateupload.php that allows authenticated users to upload PHP files to arbitrary locations...