2 matches found
CVE-2021-37473
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database...
CVE-2021-37473
NavigateCMS 2.9.4 and earlier versions contain an SQL injection in the products-order parameter processed in products.php, allowing arbitrary SQL queries in the backend database. This is documented across multiple sources (e.g., NVD, CNVD/CNNVD) with no public patch/version details provided in th...