Navigatecms@* Security Vulnerabilities and Issues — Navigatecms@* CVE List

Lucene search

NaviwebsNavigatecms*

5 matches found

cve•added 2021/07/26 6:15 p.m.•41 views

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

cve•added 2021/07/26 6:15 p.m.•40 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

cve•added 2021/07/26 6:15 p.m.•35 views

CVE-2021-37473

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

cve•added 2021/07/26 6:15 p.m.•35 views

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter children_order, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

cve•added 2021/07/26 6:15 p.m.•32 views

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS