27 matches found
Naviwebs Navigate CMS 路径遍历漏洞
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.5 of Naviwebs Navigate CMS, there is a path traversal vulnerability. This vulnerability stems from the injection of directory traversal sequences in the id parameter, which may allow...
Naviwebs Navigate CMS SQL Injection Vulnerability
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.7 of Naviwebs Navigate CMS, there is a SQL injection vulnerability. This vulnerability stems from the sidx parameter in the comments, which allows for SQL injections, potentially leadin...
EUVD-2021-23056
Malware in sbrugna...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms
It is an exploit module targeting Apache HTTP Server. The targe...
Naviwebs Navigate CMS 跨站脚本漏洞
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. Naviwebs Navigate CMS suffers from a cross-site scripting vulnerability that originates from a lack of proper validation of client-side data by the WEB application. An attacker can...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
Cross site scripting
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
Sql injection
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
CVE-2021-36455
CVE-2021-36455 affects Naviwebs Navigate CMS 2.9. The vulnerability is a SQL Injection in the quicksearch parameter of lib/packages/comments/comments.php, caused by insufficient input filtering. Documents confirm the affected product/version and root cause; no explicit exploitation details are pr...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
Naviwebs Navigate CMS Authorization Issues Vulnerability
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in the password recovery feature in Naviwebs Navigate CMS version 2.9 r1433, which originates from a notfound message being returned when the user name o...
Naviwebs Navigate CMS Authorization Issue Vulnerability (CNVD-2020-35977)
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Naviwebs Navigate CMS version 2.9 r1433, which originated when the program resets passwords, allowing users to continue setting passwords even if an...
Naviwebs Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-35980)
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A cross-site scripting vulnerability exists in Naviwebs Navigate CMS version 2.9 r1433. The vulnerability stems from a lack of proper validation of client-side data by the WEB...
Unspecified Vulnerability in Naviwebs Navigate CMS
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Naviwebs Navigate CMS 2.9 r1433, which originates from the program storing sessions and related information e.g. CSRF tokens in plaintext files in...
Naviwebs Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-35976)
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A cross-site scripting vulnerability exists in the query parameter 'fid' in the navigation.php file in Naviwebs Navigate CMS version 2.9 r1433. The vulnerability stems from the WEB...
Naviwebs Navigate CMS Code Issue Vulnerability
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in the installfromhash function in Naviwebs Navigate CMS version 2.9, which can be exploited by attackers to compromise confidentiality, integrity, and...
Naviwebs Navigate CMS SQL Injection Vulnerability
Naviwebs Navigate CMS is an open source content management system CMS. A SQL injection vulnerability exists in the login.php file in Naviwebs Navigate CMS version 2.8. A remote attacker can exploit the vulnerability to bypass authentication...
CVE-2018-17553
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigateupload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigateinfo.php...