Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the id parameter of product.php in Navigate CMS 2.9.4 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary sql queries in the backend database.