CVE-2018-17552

SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.

CVE-2020-23711

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.