Navigate CMS is a powerful and intuitive content management system. a sql injection vulnerability exists in the products-order parameter of products.php in Navigate CMS 2.9.4 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary sql queries in the backend database.