CVE-2020-23242
NavigateCMS 2.9 is affected by a Cross Site Scripting (XSS) vulnerability when using the Create or Edit actions via the Tools feature. The issue is documented across multiple sources (including Red Hat, CNVD, CVE listings) with consistent description: XSS in NavigateCMS 2.9 during Create/Edit in ...
CVE-2020-23242
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature...
CVE-2021-37476
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to SQL injection on parameter id through a POST request, which results in arbitrary SQL query execution in the backend database...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to SQL injection on parameter template-properties-order, which results in arbitrary SQL query execution in the backend database...
CVE-2021-37473
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to SQL injection on parameter products-order through a POST request, which results in arbitrary SQL query execution in the backend database...
CVE-2021-37477
In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to SQL injection on parameter childrenorder, which results in arbitrary SQL query execution in the backend database...
CVE-2021-37478
In NavigateCMS version 2.9.4 and below, function block is vulnerable to SQL injection on parameter block-order, which results in arbitrary SQL query execution in the backend database...
SQL injection
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to SQL injection on parameter products-order through a POST request, which results in arbitrary SQL query execution in the backend database...
SQL injection
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to SQL injection on parameter template-properties-order, which results in arbitrary SQL query execution in the backend database...
SQL injection
In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to SQL injection on parameter childrenorder, which results in arbitrary SQL query execution in the backend database...
SQL injection
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to SQL injection on parameter id through a POST request, which results in arbitrary SQL query execution in the backend database...
SQL injection
In NavigateCMS version 2.9.4 and below, function block is vulnerable to SQL injection on parameter block-order, which results in arbitrary SQL query execution in the backend database...
CVE-2021-37478
Summary (CVE-2021-37478): NavigateCMS up to version 2.9.4 contains a SQL injection in the block() function via the block-order parameter, enabling arbitrary SQL execution in the backend DB. Documented by multiple sources (NVD/CNVD/CVELIST/CNNVD). The root cause is an unsafeguarded input in the af...
CVE-2021-37477
NavigateCMS is affected by a SQL injection in structure.php (parameter: children_order) for version 2.9.4 and earlier, enabling arbitrary SQL execution in the backend. The root cause is a vulnerable input handling path in the structure.php function. Reported severity ranges from HIGH (CVSS v2) to...
CVE-2021-37476
NavigateCMS 2.9.4 and earlier are affected by CVE-2021-37476 due to an SQL injection in product.php where the id parameter is exploited via a POST request, enabling arbitrary SQL queries in the backend database. The vulnerability stems from improper input handling in the affected function. The pr...
CVE-2021-37475
NavigateCMS 2.9.4 and earlier are affected by an SQL injection in the template-properties-order parameter within templates.php, enabling arbitrary SQL execution in the backend database. This is the root cause described across multiple sources (CVE-2021-37475; CNVD/CNNVD entries). The vulnerabilit...