CVE Vulnerability

CVE-2020-13795

An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and .. substrings.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/NavigateCMS/Navigate-CMS/commit/88b41c7665ac7181be063b7a541dded7b207d9e7 Patch Third Party Advisory
http://packetstormsecurity.com/files/157940/Navigate-CMS-2.8.7-Directory-Traversal.html
Configurations

Configuration 1

cpe:2.3:a:naviwebs:navigate_cms:*:*:*:*:*:*:*:*
Information

Published : 2020-06-03 10:15

Updated : 2020-06-04 09:15

NVD link : CVE-2020-13795

Mitre link : CVE-2020-13795

Products Affected
No products.
CWE
CWE-22