CVE-2018-25393
Path Traversal in Navigate CMS 2.8.5
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| navigate_cms | navigate_cms | 2.8.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25393 is a path traversal vulnerability found in Navigate CMS version 2.8.5. It allows authenticated users to download arbitrary files from the server by injecting directory traversal sequences into the 'id' parameter of the navigate_download.php file.
Attackers exploit this flaw by sending specially crafted GET requests with payloads like '../../../cfg/globals.php' to access sensitive configuration or system files outside the intended directory.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive files on the server, including configuration files and system files.
An attacker with authenticated access can exploit this to gain access to sensitive information that could be used for further attacks or to compromise the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious GET requests to the navigate_download.php file that include directory traversal sequences in the id parameter.
For example, you can look for HTTP requests containing payloads like '../../../cfg/globals.php' or '../../../../../../../../Windows/win.ini' in the id parameter.
A simple command to detect such attempts in web server logs (e.g., Apache) could be:
- grep -i "navigate_download.php" /var/log/apache2/access.log | grep "id=.."
This command searches for requests to navigate_download.php with id parameters containing directory traversal sequences (..).
Additionally, network intrusion detection systems (NIDS) can be configured to alert on HTTP GET requests with suspicious path traversal patterns targeting navigate_download.php.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the navigate_download.php file to only trusted authenticated users with necessary privileges.
Implement input validation and sanitization on the id parameter to prevent directory traversal sequences from being processed.
If possible, apply patches or updates provided by the vendor for Navigate CMS version 2.8.5 that address this vulnerability.
As a temporary workaround, consider blocking HTTP requests containing directory traversal patterns targeting navigate_download.php at the web server or firewall level.