Navigatecms CVEs and Security Vulnerabilities

Filtered by vendor Naviwebs Subscriptions

Filtered by product Navigatecms Subscriptions

Search

Switch to Advanced Search (Beta)

Total 12 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-37478	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37477	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37476	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2021-37475	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37473	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2020-23657	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23656	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
CVE-2020-23655	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23654	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
CVE-2020-23243	1 Naviwebs	1 Navigatecms	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVE-2020-23242	1 Naviwebs	1 Navigatecms	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2020-14067	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.

Page 1 of 1.