4 matches found
CVE-2020-14067
The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...
CVE-2020-14067
The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...
CVE-2020-14067
Navigate CMS 2.9 is affected by CVE-2020-14067. The root cause is the install_from_hash logic not recognizing the .phtml extension when scanning ZIP archives, specifically in check_upload within lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. This means ZIPs c...
CVE-2020-14067
The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...