Vulnerabilities > Naviwebs

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-03	CVE-2018-17553	Path Traversal vulnerability in Naviwebs Navigate CMS 2.8 An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. network low complexity naviwebs CWE-22	6.5
2018-10-03	CVE-2018-17552	SQL Injection vulnerability in Naviwebs Navigate CMS 2.8 SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. network low complexity naviwebs CWE-89	7.5

Vulnerabilities > Naviwebs {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Naviwebs"}]}