Medium severity6.5NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2018-25393
CVE-2018-25393
Description
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =2.8.5
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.