6 matches found
Naviwebs Navigate CMS Directory Traversal (CVE-2018-17553)
A directory traversal vulnerability exists in Naviwebs Navigate CMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Navigate CMS - Unauthenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
Navigate CMS - (Unauthenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
CVE-2018-17553
creationtimestamp| type| source ---|---|--- 2018-10-04 11:53:58+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/navigatecmsrce.rb 2018-10-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45561 2025-02-06 03:13:43+00:00| seen|...
CVE-2018-17553
Navigate CMS 2.8 is affected by CVE-2018-17553 via a directory traversal in navigate_upload.php that enables Unrestricted Upload of File with Dangerous Type, allowing remote code execution after an authenticated POST (engine=picnik, id=../../../navigate_info.php). Public references show an unauth...
Navigate CMS Unauthenticated Remote Code Execution
This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigateupload.php that allows authenticated users to upload PHP files to arbitrary locations...