CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37054

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.1%

CVSS Severity

CVSS v3 Score 4.3

References

https://sourceforge.net/projects/navigatecms
https://www.exploit-db.com/exploits/48548
https://www.navigatecms.com/en/home
https://www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgery

Products affected by CVE-2020-37054

Naviwebs » Navigate Cms » Version: 2.8.7

cpe:2.3:a:naviwebs:navigate_cms:2.8.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37054

Products

Pricing

Contact Us