Unrated severityNVD Advisory· Published Jan 30, 2026· Updated Mar 5, 2026
Navigate CMS 2.8.7 - Cross-Site Request Forgery
CVE-2020-37054
Description
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =2.8.7
- Naviwebs S.C./Navigate CMSv5Range: 2.8.7
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/48548mitreexploit
- www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgerymitrethird-party-advisory
- sourceforge.net/projects/navigatecmsmitreproduct
- www.navigatecms.com/en/homemitreproduct
News mentions
0No linked articles in our index yet.