Every CVE whose affected-product data names Naviwebs Navigatecms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-14067 — CVSS 9.8 (critical): The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive…
CVE-2021-37473 — CVSS 9.8 (critical): In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a…
CVE-2021-37475 — CVSS 9.8 (critical): In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`…
CVE-2021-37476 — CVSS 9.8 (critical): In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request…
CVE-2021-37477 — CVSS 9.8 (critical): In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which…
CVE-2021-37478 — CVSS 9.8 (critical): In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in…
CVE-2020-23242 — CVSS 4.8 (medium): Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2020-23243 — CVSS 4.8 (medium): Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.