First published: Wed Jun 03 2020(Updated: )
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Naviwebs Navigate CMS | <=2.8.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-13795 is medium with a CVSS score of 5.3.
CVE-2020-13795 affects Navigate CMS versions up to and including 2.8.7.
Directory Traversal vulnerability allows an attacker to access restricted directories and files by manipulating file paths.
CVE-2020-13795 allows an attacker to perform Directory Traversal in Navigate CMS by mishandling ../ and ..\ substrings in the template.class.php file.
To fix the Directory Traversal vulnerability in Navigate CMS, update to a version of Navigate CMS that is higher than 2.8.7.