2 matches found
CVE-2021-37477
In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...
CVE-2021-37477
NavigateCMS is affected by a SQL injection in structure.php (parameter: children_order) for version 2.9.4 and earlier, enabling arbitrary SQL execution in the backend. The Root Cause is a vulnerable input handling path in the structure.php function. Reported severity ranges from HIGH (CVSS v2) to...