Vendor

Naviwebs

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2018-17552	Naviwebs Navigate CMS	Cri	0.10	9.8	0.84		Oct 3, 2018	SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CVE-2018-17553	Naviwebs Navigate CMS	Hig	0.09	8.8	0.79		Oct 3, 2018	An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.

CVE-2018-17552CriOct 3, 2018
Naviwebs
Navigate CMS
risk 0.10cvss 9.8epss 0.84
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CVE-2018-17553HigOct 3, 2018
Naviwebs
Navigate CMS
risk 0.09cvss 8.8epss 0.79
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.