CVE-2020-13795: Path Traversal
First published: Wed Jun 03 2020(Updated: )
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Naviwebs Navigate CMS | <=2.8.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13795?
The severity of CVE-2020-13795 is medium with a CVSS score of 5.3.
How does CVE-2020-13795 affect Navigate CMS?
CVE-2020-13795 affects Navigate CMS versions up to and including 2.8.7.
What is Directory Traversal vulnerability?
Directory Traversal vulnerability allows an attacker to access restricted directories and files by manipulating file paths.
How can Directory Traversal vulnerability be exploited in Navigate CMS?
CVE-2020-13795 allows an attacker to perform Directory Traversal in Navigate CMS by mishandling ../ and ..\ substrings in the template.class.php file.
How can I fix the Directory Traversal vulnerability in Navigate CMS?
To fix the Directory Traversal vulnerability in Navigate CMS, update to a version of Navigate CMS that is higher than 2.8.7.
- collector/nvd-index
- vendor/naviwebs
- canonical/naviwebs navigate cms
- version/naviwebs navigate cms/2.8.7