PT-2021-21274 · Naviwebs · Naviwebs Navigate Cms

Duong Xuan Hiep

Published

2021-08-06

Updated

2021-08-13

CVE-2021-36455

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Naviwebs Navigate CMS version 2.9

Description The issue is related to a SQL Injection vulnerability. It can be exploited via the quicksearch parameter in the libpackagescommentscomments.php file.

Recommendations For Naviwebs Navigate CMS version 2.9, consider restricting access to the libpackagescommentscomments.php file or the quicksearch parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-36455

Affected Products

Naviwebs Navigate Cms

PT-2021-21274 · Naviwebs · Naviwebs Navigate Cms

CVE-2021-36455

Weakness Enumeration

Related Identifiers

Affected Products

References · 4