NavigateCMS is a content management system. An access control error vulnerability exists in version 2.9 of NavigateCMS, which stems from the fact that the ID in the product/navigate/navigate_download.php file does not properly validate the data entered. An attacker could exploit this vulnerability to read arbitrary files.