CVE-2020-37054

Sažetak

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.

Reference

https://sourceforge.net/projects/navigatecms
https://www.exploit-db.com/exploits/48548
https://www.navigatecms.com/en/home
https://www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgery

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

30-01-2026 - 23:16

Objavljeno

30-01-2026 - 23:16