Naviwebs S.C Navigate Cms vulnerabilities
2 known vulnerabilities affecting naviwebs_s.c/navigate_cms.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-37053P3MEDIUMCVSS 6.5v2.8.72026-01-30
CVE-2020-37053 [MEDIUM] CWE-89 CVE-2020-37053: Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to le
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative
nvd
CVE-2020-37054P3HIGHCVSS 8.8v2.8.72026-01-30
CVE-2020-37054 [HIGH] CWE-352 CVE-2020-37054: Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to uplo
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
nvd