Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:44 p.m.8 views

CVE-2020-14067

The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...

9.8CVSS7AI score0.0123EPSS
Exploits0
NVD
NVD
added 2020/06/15 1:15 a.m.20 views

CVE-2020-14067

The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...

9.8CVSS0.0123EPSS
Exploits0References1
CVE
CVE
added 2020/06/15 12:41 a.m.66 views

CVE-2020-14067

Navigate CMS 2.9 is affected by CVE-2020-14067. The root cause is the install_from_hash logic not recognizing the .phtml extension when scanning ZIP archives, specifically in check_upload within lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. This means ZIPs c...

9.8CVSS9.4AI score0.0123EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/15 12:41 a.m.20 views

CVE-2020-14067

The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...

9.5AI score0.0123EPSS
Exploits0References1
Rows per page
Query Builder