Security Advisory

CVE-2020-14067

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-15 00:41:38

Last updated 2024-08-04 12:32:14

Assigner mitre

State PUBLISHED

Description

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.

← Browse all CVEs View on cve.org ↗