CVE-2018-25393
Deferred - Pending Action
Path Traversal in Navigate CMS 2.8.5

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads such as ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Showing 1 associated CPE
Vendor: navigate_cms
Product: navigate_cms
Version / Range: 2.8.5
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

CVE-2018-25393 is a path traversal vulnerability found in Navigate CMS version 2.8.5. It allows authenticated users to download arbitrary files from the server by injecting directory traversal sequences into the 'id' parameter of the navigate_download.php file.

Attackers exploit this flaw by sending specially crafted GET requests with payloads like '../../../cfg/globals.php' to access sensitive configuration or system files outside the intended directory.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive files on the server, including configuration files and system files.

An attacker with authenticated access can exploit this to gain access to sensitive information that could be used for further attacks or to compromise the system.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious GET requests to the navigate_download.php file that include directory traversal sequences in the id parameter.

For example, you can look for HTTP requests containing payloads like '../../../cfg/globals.php' or '../../../../../../../../Windows/win.ini' in the id parameter.

A simple command to detect such attempts in web server logs (e.g., Apache) could be:

  • grep -i "navigate_download.php" /var/log/apache2/access.log | grep -E 'id=[^& ]*\.\.'

This command searches for requests to navigate_download.php with id parameters containing directory traversal sequences (..).

Additionally, network intrusion detection systems (NIDS) can be configured to alert on HTTP GET requests with suspicious path traversal patterns targeting navigate_download.php.
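
The log check described above, as an added example (not part of the original advisory and not Navigate CMS code): it parses Apache access-log lines, URL-decodes the id parameter and flags only real `..` path segments, so percent-encoded payloads are caught and values that merely contain two dots are not. The log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache common/combined log line: client, request target, status (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def is_traversal(value, max_decode=3):
    """True if value contains a '..' path segment once leftover URL encoding is undone."""
    for _ in range(max_decode):  # bounded, so nested encoding cannot loop forever
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Split on both separators: '/' and the Windows-style '\'.
    return '..' in re.split(r'[\\/]', value)

def suspicious_requests(lines):
    """Return (client, id_value, status) for navigate_download.php hits with traversal in id."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith('/navigate_download.php'):
            continue
        # parse_qsl decodes the query once; is_traversal handles double encoding.
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == 'id' and is_traversal(val):
                hits.append((client, val, int(status)))
    return hits

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [29/May/2026:10:15:02 +0000] "GET /navigate_download.php?id=../../../cfg/globals.php HTTP/1.1" 200 4312',
    '198.51.100.23 - - [29/May/2026:10:15:09 +0000] "GET /navigate_download.php?id=%2e%2e%2f%2e%2e%2fcfg%2fglobals.php HTTP/1.1" 200 4312',
    '198.51.100.23 - - [29/May/2026:10:15:14 +0000] "GET /navigate_download.php?id=%252e%252e%252fcfg%252fglobals.php HTTP/1.1" 404 196',
    '192.0.2.10 - - [29/May/2026:10:16:40 +0000] "GET /navigate_download.php?id=117 HTTP/1.1" 200 20480',
    '192.0.2.10 - - [29/May/2026:10:16:51 +0000] "GET /navigate_download.php?id=report..v2.pdf HTTP/1.1" 200 881',
    '192.0.2.10 - - [29/May/2026:10:17:03 +0000] "GET /index.php?id=../x HTTP/1.1" 200 1024',
]

if __name__ == '__main__':
    for client, val, status in suspicious_requests(SAMPLE_LOG):
        # A 200 status suggests the file was actually served: triage those first.
        print(f'{client} status={status} id={val}')
```
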

Mitigation Strategies

Immediate mitigation steps include restricting access to the navigate_download.php file to only trusted authenticated users with necessary privileges.

Implement input validation and sanitization on the id parameter to prevent directory traversal sequences from being processed.

If possible, apply patches or updates provided by the vendor for Navigate CMS version 2.8.5 that address this vulnerability.

As a temporary workaround, consider blocking HTTP requests containing directory traversal patterns targeting navigate_download.php at the web server or firewall level.

Compliance Impact

The vulnerability allows authenticated users to download arbitrary files, including sensitive configuration and system files, by exploiting a path traversal flaw. This unauthorized access to sensitive data could lead to exposure of personal or protected information.

Such exposure of sensitive data may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information from unauthorized access.
