CNNVD-202601-4976 Information

Jan 30, 2026 cve

CNNVD ID

CNNVD-202601-4976

CVE-2020-37054

  • CNNVD Published: 2026-01-30

Description (Chinese)

Naviwebs Navigate CMS是美国Naviwebs公司的一套开源的内容管理系统(CMS)。 Naviwebs Navigate CMS 2.8.7版本存在跨站请求伪造漏洞,该漏洞源于扩展上传功能存在跨站请求伪造,可能导致上传恶意扩展。

Description (English)

Naviwebs Navigate CMS is an open-source content management system (CMS) for Navivewebs in the United States. Version 2.8.7 of Navivewebs Navigate CMS contains a false loophole in cross-site requests, which stems from the presence of cross-site requests for forgery in extended upload functions, which may lead to malicious upload expansion.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

Naviwebs

Published

2026-01-30

Last Modified

2026-02-24

References

https://sourceforge.net/projects/navigatecms https://www.exploit-db.com/exploits/48548 https://www.navigatecms.com/en/home https://www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgery

Share on: