Navigatecms Security Vulnerabilities

CVE-2020-23243

Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect"...

CVE-2020-23242

Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools...

CVE-2021-37473

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend...

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend...

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter children_order, which results in arbitrary sql query execution in the backend...

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend...

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend...

CVE-2020-23657

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module...

CVE-2020-23655

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module...

CVE-2020-23654

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module...

CVE-2020-23656

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module...

CVE-2020-14067

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and...