Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the children_order parameter in structure.php in Navigate CMS 2.9.4 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary sql queries in the backend database.