Description
This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication.
The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vulnerabilities allow an unauthenticated attacker to execute arbitrary PHP code remotely.
This module was tested against Navigate CMS 2.8.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/http/navigate_cms_rcemsf undefined(navigate_cms_rce) > show actions ...actions...msf undefined(navigate_cms_rce) > set ACTION < action-name >msf undefined(navigate_cms_rce) > show options ...show and set options...msf undefined(navigate_cms_rce) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub