Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Naviwebs Subscribe
Filtered by product Navigatecms
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37478 1 Naviwebs 1 Navigatecms 2021-08-03 7.5 HIGH 9.8 CRITICAL
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.
CVE-2020-23242 1 Naviwebs 1 Navigatecms 2021-07-30 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2020-23243 1 Naviwebs 1 Navigatecms 2021-07-30 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVE-2021-37475 1 Naviwebs 1 Navigatecms 2021-07-28 7.5 HIGH 9.8 CRITICAL
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37476 1 Naviwebs 1 Navigatecms 2021-07-28 7.5 HIGH 9.8 CRITICAL
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2021-37477 1 Naviwebs 1 Navigatecms 2021-07-28 7.5 HIGH 9.8 CRITICAL
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37473 1 Naviwebs 1 Navigatecms 2021-07-28 7.5 HIGH 9.8 CRITICAL
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2020-23654 1 Naviwebs 1 Navigatecms 2020-08-26 3.5 LOW 5.4 MEDIUM
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
CVE-2020-23655 1 Naviwebs 1 Navigatecms 2020-08-26 3.5 LOW 5.4 MEDIUM
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23657 1 Naviwebs 1 Navigatecms 2020-08-26 3.5 LOW 5.4 MEDIUM
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23656 1 Naviwebs 1 Navigatecms 2020-08-26 3.5 LOW 5.4 MEDIUM
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
CVE-2020-14067 1 Naviwebs 1 Navigatecms 2020-06-17 7.5 HIGH 9.8 CRITICAL
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.