CVE-2020-37054 – Navigate CMS 2.8.7 – Cross-Site Request Forgery

CVE ID : CVE-2020-37054

Published : Jan. 30, 2026, 11:16 p.m. | 1 hour, 56 minutes ago

Description : Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…