Navigate CMS Cross-Site Request Forgery Vulnerability Allowing Arbitrary File Uploads

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Navigate CMS version 2.8.7. It allows an attacker to upload a malicious extension through the extension upload feature, which does not verify that the upload request was intentionally submitted by the administrator. The issue arises when an authenticated administrator is tricked into interacting with a crafted HTML page that initiates the file upload on their behalf.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, potentially allowing for the execution of malicious code or the introduction of harmful files into the application.

Reproduction

To reproduce this vulnerability, an authenticated administrator must be persuaded to open a specially crafted HTML page. This page should include a script that uploads a malicious ZIP file containing a PHP payload disguised as an image. Once the file is uploaded, the PHP script can be executed by accessing it directly on the server.
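The two controls that close this class of issue are a per-session anti-CSRF token on the upload request and content validation of the uploaded archive, so that a disguised PHP file is rejected even if a request does get through. The following is an added illustration written for this entry; it is not Navigate CMS code, and the field name csrf_token, the header handling, the allowed origin and the sample archives are all constructed assumptions.

```python
import hmac
import io
import zipfile

# Constructed names; the real Navigate CMS field and header names are not on the page.
CSRF_FIELD = "csrf_token"
ALLOWED_ORIGIN = "https://cms.example.test"
# Suffixes that must never appear anywhere in an entry name of an extension archive.
BLOCKED_SUFFIXES = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar"}
# Leading bytes an entry with an image extension must actually start with.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


def request_is_same_origin(headers, form, session_token):
    """Return (ok, reason). The token comparison is the real CSRF defence;
    the Origin check is defence in depth against a page on another site."""
    token = form.get(CSRF_FIELD, "")
    if not token or not hmac.compare_digest(token.encode(), session_token.encode()):
        return False, "missing or invalid CSRF token"
    origin = headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return False, f"cross-site Origin {origin!r}"
    return True, "ok"


def _suffixes(name):
    """All dotted suffixes of the basename, so 'a.php.jpg' yields ['.php', '.jpg']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def archive_is_safe(zip_bytes):
    """Return (ok, reason) after inspecting every entry of the uploaded ZIP."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return False, "not a ZIP archive"
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or ".." in name.split("/"):
                return False, f"path traversal in {name!r}"
            if info.is_dir():
                continue
            sufs = _suffixes(name)
            if any(s in BLOCKED_SUFFIXES for s in sufs):
                return False, f"server-side script {name!r}"
            last = sufs[-1] if sufs else ""
            if last in IMAGE_MAGIC:
                data = zf.read(info)
                if not data.startswith(IMAGE_MAGIC[last]):
                    return False, f"{name!r} is not a real image"
                if b"<?" in data:  # a PHP open tag hidden inside otherwise valid image bytes
                    return False, f"{name!r} contains an embedded script tag"
    return True, "ok"


def handle_extension_upload(headers, form, session_token, zip_bytes):
    """Request-level check first, then archive content; both must pass."""
    ok, reason = request_is_same_origin(headers, form, session_token)
    if not ok:
        return False, reason
    return archive_is_safe(zip_bytes)


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample inputs.
SESSION_TOKEN = "constructed-session-token"
GOOD_ZIP = build_zip({"ext/manifest.json": b"{}",
                      "ext/icon.png": IMAGE_MAGIC[".png"] + b"\x00" * 8})
# A "PHP payload disguised as an image": image extension, no image bytes.
DISGUISED_ZIP = build_zip({"ext/icon.jpg": b"<?php /* constructed marker */ ?>"})
# A double extension that some servers would still hand to the PHP interpreter.
DOUBLE_EXT_ZIP = build_zip({"ext/shell.php.jpg": IMAGE_MAGIC[".jpg"] + b"<?php ?>"})

if __name__ == "__main__":
    forged = ({"Origin": "https://attacker.example"}, {}, SESSION_TOKEN, GOOD_ZIP)
    print(handle_extension_upload(*forged))
```

The order matters: the token check runs before the archive is even opened, so a forged request never reaches the parser, and the archive check still catches a disguised script if an administrator uploads one deliberately or a token is ever leaked.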

Added: Jan 30, 2026, 11:20 PM
Updated: Jan 30, 2026, 11:20 PM

Vulnerability Rating

Custom Algorithm

  spread          1.0
  impact          2.5
  exploitability  7.7
  remediation     7.7
  relevance       2.5
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.