Vulnerabilities > Naviwebs

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-28	CVE-2022-28117	Server-Side Request Forgery (SSRF) vulnerability in Naviwebs Navigate CMS 2.9.4 A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. network low complexity naviwebs CWE-918	4.9
2022-01-19	CVE-2021-44299	Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9.4 A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. network low complexity naviwebs CWE-79	5.4
2022-01-06	CVE-2021-44351	Path Traversal vulnerability in Naviwebs Navigate CMS 2.9 An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. network low complexity naviwebs CWE-22	7.5
2021-08-06	CVE-2021-36454	Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9 Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files. network low complexity naviwebs CWE-79	5.4
2021-08-06	CVE-2021-36455	SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. network low complexity naviwebs CWE-89	8.8
2021-07-26	CVE-2020-23242	Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9 Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. network low complexity naviwebs CWE-79	4.8
2021-07-26	CVE-2020-23243	Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9 Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature. network low complexity naviwebs CWE-79	4.8
2021-07-26	CVE-2021-37473	SQL Injection vulnerability in Naviwebs Navigatecms 2.9 In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. network low complexity naviwebs CWE-89 critical	9.8
2021-07-26	CVE-2021-37475	SQL Injection vulnerability in Naviwebs Navigatecms 2.9 In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. network low complexity naviwebs CWE-89 critical	9.8
2021-07-26	CVE-2021-37476	SQL Injection vulnerability in Naviwebs Navigatecms 2.9 In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database. network low complexity naviwebs CWE-89 critical	9.8

Vulnerabilities > Naviwebs {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Naviwebs"}]}

Vulnerabilities > Naviwebs