Vulnerabilities ›

CVE-2018-25393

Medium

CWE-22 — Weakness Type

                    Published: May 29, 2026                      ·  Modified: Jun 1, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.

🤖 AI Executive Summary

CVE-2018-25393 is a path traversal vulnerability in Navigate CMS 2.8.5 that allows authenticated users to download arbitrary files from the server by manipulating the id parameter with directory traversal sequences. While requiring authentication, this vulnerability enables attackers to access sensitive configuration files and system data outside intended directories. The lack of available patches and no known exploits make this a moderate but persistent risk requiring immediate compensating controls.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 10:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations using Navigate CMS 2.8.5 face moderate risk, particularly in government agencies, educational institutions, and smaller enterprises that may use this CMS for content management. The vulnerability is most concerning for organizations handling sensitive internal documentation, configuration data, and system files. Banking and financial sectors using this CMS could expose configuration files containing database credentials or API keys. Government entities under NCA oversight face compliance implications if sensitive citizen data or administrative files are exposed through this vulnerability.

🏢 Affected Saudi Sectors

Government Education Healthcare Small and Medium Enterprises Content Management Services Non-profit Organizations

🎯 MITRE ATT&CK Techniques

T1005 - Data from Local System T1040 - Traffic Capture or Redirection T1083 - File and Directory Discovery T1087 - Account Discovery T1114 - Email Collection T1213 - Data from Information Repositories T1530 - Data from Cloud Storage T1552 - Unsecured Credentials T1555 - Credentials from Password Stores T1557 - Man-in-the-Middle T1566 - Phishing T1190 - Exploit Public-Facing Application

⚖️ Saudi Risk Score (AI)

5.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Audit all Navigate CMS 2.8.5 installations in your environment and document their locations

2. Review access logs for navigate_download.php to identify suspicious download patterns or path traversal attempts

3. Restrict access to navigate_download.php to specific IP ranges and implement rate limiting

Compensating Controls (No Patch Available):

1. Implement Web Application Firewall (WAF) rules to block requests containing ../ sequences in the id parameter

2. Apply input validation at the application level to reject any id parameters containing directory traversal characters (../, .., backslashes)

3. Implement strict file access controls at the OS level to limit the web server process permissions

4. Disable directory listing and restrict file access to only intended download directories

5. Implement file integrity monitoring on sensitive configuration files (cfg/globals.php, database configs)

Detection Rules:

1. Monitor for GET requests to navigate_download.php with id parameters containing: ../, ..\, %2e%2e, %252e%252e

2. Alert on any access attempts to files outside the designated download directory

3. Log and review all successful file downloads from navigate_download.php

4. Implement SIEM rules to detect multiple failed download attempts (potential reconnaissance)

Upgrade Path:

1. Plan immediate migration away from Navigate CMS 2.8.5 to a supported and patched CMS solution

2. If migration is not immediately possible, implement the compensating controls above as temporary measures

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع تثبيتات Navigate CMS 2.8.5 في بيئتك وتوثيق مواقعها

2. مراجعة سجلات الوصول لـ navigate_download.php لتحديد أنماط التنزيل المريبة أو محاولات اجتياز المسار

3. تقييد الوصول إلى navigate_download.php لنطاقات IP محددة وتطبيق تحديد معدل الطلبات

الضوابط التعويضية (لا يوجد تصحيح متاح):

1. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على تسلسلات ../ في معامل المعرف

2. تطبيق التحقق من صحة الإدخال على مستوى التطبيق لرفض معاملات المعرف التي تحتوي على أحرف اجتياز الدليل (../, .., الشرطة المائلة العكسية)

3. تطبيق ضوابط الوصول الصارمة على مستوى نظام التشغيل لتحديد أذونات عملية خادم الويب

4. تعطيل قائمة الدليل وتقييد الوصول إلى الملفات بالأدلة المقصودة للتنزيل فقط

5. تطبيق مراقبة سلامة الملفات على ملفات التكوين الحساسة (cfg/globals.php، تكوينات قاعدة البيانات)

قواعد الكشف:

1. مراقبة طلبات GET إلى navigate_download.php مع معاملات المعرف التي تحتوي على: ../, ..\, %2e%2e, %252e%252e

2. التنبيه على أي محاولات وصول إلى ملفات خارج دليل التنزيل المخصص

3. تسجيل ومراجعة جميع تنزيلات الملفات الناجحة من navigate_download.php

4. تطبيق قواعد SIEM للكشف عن محاولات تنزيل متعددة فاشلة (استطلاع محتمل)

مسار الترقية:

1. التخطيط للهجرة الفورية بعيداً عن Navigate CMS 2.8.5 إلى حل CMS مدعوم وملصق

2. إذا لم تكن الهجرة ممكنة على الفور، قم بتطبيق الضوابط التعويضية أعلاه كتدابير مؤقتة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies and Procedures A.6.1.1 - Access Control Policy A.6.2.1 - User Registration and De-registration A.6.2.2 - User Access Rights Review A.7.1.1 - Cryptography Policy A.8.1.1 - Objective of Information Security Incident Management A.8.2.1 - Responsibilities and Procedures A.12.2.1 - Restrictions on Software Installation A.12.4.1 - Event Logging A.12.4.3 - Administrator and Operator Logs A.14.1.1 - Information Security Requirements Analysis and Specification

🔵 SAMA CSF

Governance - Policy and Risk Management Governance - Compliance and Audit Protection - Access Control Protection - Data Protection Detection - Monitoring and Logging Response - Incident Management

🟡 ISO 27001:2022

5.1 - Policies for information security 6.1 - Screening 6.2 - Terms and conditions of employment 6.5 - Access rights 7.1 - Monitoring, review and change management of information and other associated assets 8.1 - User endpoint devices 8.2 - Privileged access rights 8.3 - Information access restriction 8.22 - Monitoring activities 8.23 - Administrator and operator logs 8.24 - Clock synchronization

🟣 PCI DSS v4.0.1

Requirement 1.1 - Firewall configuration standards Requirement 2.1 - Default security parameters Requirement 6.2 - Security patches Requirement 6.5.1 - Injection flaws Requirement 10.1 - Implement automated audit trails Requirement 10.2.1 - User access to cardholder data

🔗 References & Sources 4

🔗

http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/45615

disclosure@vulncheck.com

🔗

https://www.navigatecms.com/

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/navigate-cms-path-traversal-via-navigate-download-php

disclosure@vulncheck.com

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-22

EPSS0.17%

Exploit No

Patch ✗ No

Published 2026-05-29

Source Feed nvd

🇸🇦 Saudi Risk Score

5.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2018-25393

Introduce Yourself

Sign In Required