📦 Navigate Cms

NavigateCMS 2.9 contains a SQL injection vulnerability in the navigate.php file via the URL-encoded GET parameter 'category'. This allows attackers to execute arbitrary SQL commands on the database. A...

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability in the 'sidx' parameter of comments functionality. Attackers with valid credentials can exploit this to extract database inform...

This vulnerability allows attackers to read arbitrary files on NavigateCMS servers by manipulating the 'id' parameter in the navigate_download.php script. It affects all NavigateCMS 2.9 installations,...

This SQL injection vulnerability in Navigate CMS allows attackers to execute arbitrary SQL commands through the quicksearch parameter in the comments module. It affects all users running Navigate CMS ...

Navigate CMS 2.9 r1433 stores session data in cleartext files in /private/sessions directory, allowing unauthenticated attackers to brute-force or directly view active sessions. This exposes CSRF toke...

This vulnerability in Navigate CMS allows an attacker to reset any user's password without proper authentication. By exploiting a flaw in the password reset mechanism where no activation code is suppl...