CVE-2021-37475
NavigateCMS 2.9.4 and earlier are affected by an SQL injection in the template-properties-order parameter within templates.php, enabling arbitrary SQL execution in the backend database. This is the root cause described across multiple sources (CVE-2021-37475; CNVD/CNNVD entries). The vulnerabilit...