Naviwebs: >> Navigate Cms >> 2.8.7 Security Vulnerabilities
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-01-30
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-01-30
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-06-03
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-03
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-03
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-03