What is CVE-2018-17553?

CVE-2018-17553 is a vulnerability in N/a. Published 2018-10-03.

Is CVE-2018-17553 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-17553

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik a…

EPSS: 0.796 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

MidwintersTomb/CVE-2018-17553
rapid7/metasploit-framework
ARPSyndicate/cvemon

References

github.com/NavigateCMS/Navigate-CMS/commit/2bdcb8b3c5bb23851a2115db96585f1ac8cb… (x_refsource_CONFIRM)
45561 (exploit, x_refsource_EXPLOIT-DB)
github.com/rapid7/metasploit-framework/pull/10704 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-17553?: CVE-2018-17553 is a vulnerability in N/a. Published 2018-10-03.
Is CVE-2018-17553 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.