CVE-2020-23711

Name of the Vulnerable Software and Affected Versions NavigateCMS version 2.9

Description The issue is related to a SQL Injection vulnerability. It occurs via the URL encoded GET input category in the navigate.php file.

Recommendations For NavigateCMS version 2.9, consider restricting access to the navigate.php file until a patch is available. As a temporary workaround, avoid using the category parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.