CVE-2020-37054 MEDIUM

CVE-2020-37054: Navigate CMS 2.8.7 - Cross-Site Request Forgery

Vendor Naviwebs S.c.
Product Navigate CMS
Weakness CWE-352 · CSRF
Published January 30, 2026
Last update March 5, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.

Key dates

02Disclosure timeline

January 30, 2026 CVE published
March 5, 2026 Record updated