Lucene search
K

6 matches found

0day.today
0day.today
added 2018/10/08 12:0 a.m.106 views

Navigate CMS - Unauthenticated Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...

9.8CVSS0.4AI score0.84063EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/10/08 12:0 a.m.31 views

Navigate CMS - (Unauthenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...

7.4AI score
Exploits0
Circl
Circl
added 2018/10/04 11:53 a.m.16 views

CVE-2018-17552

creationtimestamp| type| source ---|---|--- 2018-10-04 11:53:58+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/navigatecmsrce.rb 2018-10-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45561 2023-12-29 08:24:20+00:00| seen|...

9.8CVSS8.7AI score0.84063EPSS
Exploits5References3
OSV
OSV
added 2018/10/03 8:29 p.m.21 views

CVE-2018-17552

SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie...

9.8CVSS8.4AI score
Exploits0References3
CVE
CVE
added 2018/10/03 8:0 p.m.81 views

CVE-2018-17552

Navigate CMS 2.8 is affected by multiple vulnerabilities described across connected sources. The core CVE-2018-17552 issue is a SQL Injection in login.php that allows bypassing authentication via the navigate-user cookie. Additionally, related sources describe an unauthenticated remote code execu...

9.8CVSS10AI score0.84063EPSS
Exploits5References3Affected Software1
Metasploit
Metasploit
added 2018/09/26 7:39 p.m.42 views

Navigate CMS Unauthenticated Remote Code Execution

This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigateupload.php that allows authenticated users to upload PHP files to arbitrary locations...

9.8CVSS8.1AI score0.84063EPSS
Exploits6
Rows per page
Query Builder