CVE-2018-17553

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8…

mitre·CWE-22·Published 2018-10-03

CVSS

—

EPSS

0.79

KEV

Exploits

cve.orgen

272 chars

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.

NVDen

272 chars

NVDes

300 chars

Un problema de "subida sin restricción de archivos con tipos peligrosos" con salto de directorio en navigate_upload.php en Naviwebs Navigate CMS 2.8 permite que atacantes autenticados logren ejecutar código de forma remota mediante una petición POST con engine=picnik y id=../../../navigate_info.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.0	Primary	NVD	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H