Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sat, 30 May 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Navigate
Navigate navigate Cms |
|
| Vendors & Products |
Navigate
Navigate navigate Cms |
Fri, 29 May 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory. | |
| Title | Navigate CMS 2.8.5 Path Traversal via navigate_download.php | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-05-29T17:23:40.882Z
Reserved: 2026-05-29T11:31:03.212Z
Link: CVE-2018-25393
Updated: 2026-05-29T17:23:13.889Z
Status : Deferred
Published: 2026-05-29T16:16:18.680
Modified: 2026-05-29T16:29:11.350
Link: CVE-2018-25393
No data.
OpenCVE Enrichment
Updated: 2026-05-30T20:45:05Z