VYPR
Unrated severity · NVD Advisory · Published Jun 3, 2020 · Updated Aug 4, 2024

CVE-2020-13795

Description

An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Navigate CMS through 2.8.7 allows directory traversal via mishandled '../' substrings in lib/packages/templates/template.class.php.

Vulnerability

Navigate CMS through version 2.8.7 contains a directory traversal vulnerability in lib/packages/templates/template.class.php. The library improperly handles ../ and ..\ substrings, enabling path traversal outside the intended directory [1]. The issue affects all installations up to and including version 2.8.7.

Exploitation

An attacker can exploit this vulnerability by crafting a request that includes ../ sequences in a parameter processed by the affected template class. No authentication is required if the vulnerable endpoint is accessible to unauthenticated users. The attacker sends a specially crafted request that traverses directories to access files outside the web root [1].

Impact

Successful exploitation allows an attacker to read arbitrary files on the server, potentially exposing sensitive information such as configuration files containing credentials or other confidential data. This leads to a loss of confidentiality. The directory traversal does not appear to permit file writing or code execution based on the available information [1].

Mitigation

As of the latest published information, no official patch has been released by the vendor. Users should consider upgrading to a newer version if available, or implement input validation to block ../ sequences in user-supplied parameters. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog as of the publication date [1].
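
One way to apply the input-validation advice above is to canonicalise the requested path and check that it stays under the intended directory, rather than filtering ../ and ..\ substrings. This is an added example, not code from Navigate CMS or from the referenced advisory. The function name resolve_inside, the themes directory and the sandbox file names are hypothetical and constructed for the demonstration.

```php
<?php
// Added example: hypothetical helper, not code from Navigate CMS.
// Canonicalise a user-supplied name under a base directory and refuse
// anything that resolves outside it, instead of filtering "../" substrings.
function resolve_inside(string $baseDir, string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null;                       // NUL bytes are never valid in a path
    }
    // Treat "\" as a separator everywhere so "..\" is handled like "../".
    $relative = str_replace('\\', '/', $userPath);

    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // base directory is missing
    }
    // realpath() collapses "." and ".." and follows symlinks; false if absent.
    $candidate = realpath($base . '/' . $relative);
    if ($candidate === false) {
        return null;
    }
    // Compare against "base + separator" so "/srv/themes_old" cannot pass
    // as being inside "/srv/themes".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed sandbox: <tmp>/themes/default.tpl is allowed, <tmp>/secret.cfg is not.
$root = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/themes', 0700, true);
file_put_contents($root . '/themes/default.tpl', 'template');
file_put_contents($root . '/secret.cfg', 'constructed secret');

foreach (['default.tpl', '../secret.cfg', '..\\secret.cfg', 'missing.tpl'] as $input) {
    $resolved = resolve_inside($root . '/themes', $input);
    printf("%-16s => %s\n", $input, $resolved === null ? 'rejected' : 'allowed');
}

// Clean up the sandbox.
unlink($root . '/themes/default.tpl');
unlink($root . '/secret.cfg');
rmdir($root . '/themes');
rmdir($root);
```

Because the decision is made on the canonical path, it does not depend on recognising every spelling of a parent-directory reference in the raw input.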

References
  1. Packet Storm

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.
