CVE-2020-14067

Published: Jun 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/NavigateCMS/Navigate-CMS/commit/f1f47126b359d73a2635306ae46d8719c14d240b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14067

Description

Affected Products

References