CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.7%

CVSS Severity

CVSS v3 Score 7.1

References

https://sourceforge.net/projects/navigatecms
https://www.exploit-db.com/exploits/48545
https://www.navigatecms.com/en/home
https://www.vulncheck.com/advisories/navigate-cms-sidx-sql-injection

Products affected by CVE-2020-37053

Naviwebs » Navigate Cms » Version: 2.8.7

cpe:2.3:a:naviwebs:navigate_cms:2.8.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37053

Products

Pricing

Contact Us