Description
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
Published: 2026-05-29
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Navigate CMS 2.8.5 contains a path traversal flaw in navigate_download.php that lets an authenticated user download any file by manipulating the id parameter. By inserting directory traversal sequences such as ../../../cfg/globals.php, an attacker can retrieve sensitive configuration files and other system files that should not be publicly exposed, leading to a confidentiality breach.

Affected Systems

The vulnerability affects Navigate CMS version 2.8.5. No other versions are listed as vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates High severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated to the CMS, after which they can craft a GET request with a traversal payload. Because authentication is required, the risk is lower than that of a remote code execution vulnerability, but it remains significant for confidential data exposure.

Generated by OpenCVE AI on May 29, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Navigate CMS to a patched release that eliminates the path traversal flaw.
  • Configure the web server and file system permissions to deny access to configuration directories such as cfg/*.
  • Validate and sanitize the id parameter in navigate_download.php so it only accepts whitelisted filenames within the intended directory.
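
The last recommendation, sketched as an added example (this is not Navigate CMS code and not a vendor patch): canonicalize the requested path and serve it only if it stays inside the download directory. The function name `resolve_download_path` and the directory layout are assumptions made for the demo.

```php
<?php
// Added example: hypothetical helper, not Navigate CMS code.
// Resolves a user-supplied id against a base directory and rejects anything
// that ends up outside it, such as ../../../cfg/globals.php.
function resolve_download_path(string $baseDir, string $id): ?string
{
    // Reject empty ids and NUL bytes before touching the filesystem.
    if ($id === '' || strpos($id, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $id);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check. The trailing separator stops "/docs" from matching "/docs_old/x".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo layout in a temp directory (all names are assumptions):
//   <root>/private/files/docs/report.txt   intended download
//   <root>/cfg/globals.php                 file that must never be served
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/private/files/docs', 0700, true);
mkdir($root . '/cfg', 0700, true);
file_put_contents($root . '/private/files/docs/report.txt', 'ok');
file_put_contents($root . '/cfg/globals.php', '<?php // constructed placeholder');

$base = $root . '/private/files/docs';
$ids = ['report.txt', './report.txt', '../../../cfg/globals.php', 'missing.txt'];
foreach ($ids as $id) {
    $path = resolve_download_path($base, $id);
    printf("%-26s => %s\n", $id, $path === null ? 'rejected' : 'served');
}
```

The comparison runs on the canonical path rather than on the raw id, so it does not depend on filtering `../` substrings out of the input.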

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
Title Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Weaknesses CWE-22
References
Metrics cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-29T17:23:40.882Z

Reserved: 2026-05-29T11:31:03.212Z

Link: CVE-2018-25393

Vulnrichment

Updated: 2026-05-29T17:23:13.889Z

NVD

Status: Deferred

Published: 2026-05-29T16:16:18.680

Modified: 2026-05-29T16:29:11.350

Link: CVE-2018-25393

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z
