The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
9.8CVSS
9.4AI Score
0.002EPSS
5.4CVSS
5.3AI Score
0.001EPSS
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
5.4CVSS
5.3AI Score
0.001EPSS