Vulnerabilities > Naviwebs > Navigate CMS > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-06 CVE-2021-44351 Path Traversal vulnerability in Naviwebs Navigate CMS 2.9
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.
network
low complexity
naviwebs CWE-22
7.5
7.5
2021-08-06 CVE-2021-36455 SQL Injection vulnerability in Naviwebs Navigate CMS 2.9
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
network
low complexity
naviwebs CWE-89
8.8
8.8
2020-06-24 CVE-2020-14017 Cleartext Storage of Sensitive Information vulnerability in Naviwebs Navigate CMS 2.9
An issue was discovered in Navigate CMS 2.9 r1433.
network
low complexity
naviwebs CWE-312
7.5
7.5
2020-06-24 CVE-2020-14015 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Naviwebs Navigate CMS 2.9
An issue was discovered in Navigate CMS 2.9 r1433.
network
low complexity
naviwebs CWE-640
7.5
7.5
2018-10-03 CVE-2018-17553 Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigate CMS 2.8
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
network
low complexity
naviwebs CWE-434
8.8
8.8