Navigate CMS is a powerful and intuitive content management system. sql injection vulnerability exists in the block-order
parameter of the block
function in Navigate CMS 2.9.4 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary sql queries in the backend database.