The install_from_hash functionality in Navigate CMS 2.9 does not treat the .phtml extension as PHP when check_upload (in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php) inspects the files inside an uploaded ZIP archive for entries that may contain PHP code, so a .phtml file passes the check.
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
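The advisory above is an instance of an incomplete extension denylist applied to ZIP entries. The following is an added example, not NavigateCMS code, that models that class of check in Python: a denylist that only catches a trailing ".php" (so "shell.phtml" passes, as the advisory describes) next to an allowlist check that rejects any PHP-executable segment, handler-remapping files such as .htaccess, and path traversal. The set of PHP-executable extensions, the allowed asset extensions and the sample package contents are assumptions constructed for the example.

```python
from __future__ import annotations

import io
import zipfile

# Added example, not NavigateCMS code. Models the class of bug in the
# advisory: a check over the entries of an uploaded extension/theme ZIP
# that rejects PHP by extension but omits one the PHP handler executes.

# Extensions commonly mapped to the PHP handler (assumption: a typical
# Apache/nginx setup; verify against the target's actual handler config).
PHP_EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "php8", "phps", "phtml", "phar", "pht",
}
# Files that can re-map which extensions get executed; rejected outright.
HANDLER_CONFIG_FILES = {".htaccess", ".user.ini", "web.config"}
# What a package may contain in this example (assumption, not the CMS's list).
ALLOWED_EXTENSIONS = {
    "css", "js", "html", "tpl", "png", "jpg", "jpeg", "gif", "svg",
    "woff", "woff2", "json", "txt", "md",
}


def build_package(entries: dict[str, bytes | str]) -> bytes:
    """Build an in-memory ZIP from {path: content} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


def check_upload_denylist(zip_bytes: bytes) -> list[str]:
    """The incomplete check: flags only entries whose name ends in '.php'.
    Anything else, including 'shell.phtml', passes. Returns flagged names."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir() and info.filename.lower().endswith(".php")
        ]


def check_upload_allowlist(zip_bytes: bytes) -> list[str]:
    """Hardened check. An entry is rejected when any of these hold:
    - the path contains '..', starts with '/', or uses backslashes;
    - the file is a handler config file (.htaccess, .user.ini, web.config);
    - any dotted segment of the name is a PHP-executable extension
      ('shell.php.txt' counts: Apache multi-extension handling can run it);
    - the file does not have exactly one allow-listed extension.
    Returns the rejected entry names; an empty list means the package passes."""
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            base = name.rsplit("/", 1)[-1].lower()
            segments = base.split(".")[1:]  # 'shell.php.txt' -> ['php', 'txt']
            if ".." in name.split("/") or name.startswith("/") or "\\" in name:
                rejected.append(name)
            elif base in HANDLER_CONFIG_FILES:
                rejected.append(name)
            elif any(seg in PHP_EXECUTABLE_EXTENSIONS for seg in segments):
                rejected.append(name)
            elif len(segments) != 1 or segments[0] not in ALLOWED_EXTENSIONS:
                rejected.append(name)
    return rejected


# Constructed sample package: two legitimate assets plus three entries a
# PHP-executing web server could abuse.
SAMPLE_ENTRIES = {
    "theme/style.css": "body { margin: 0 }",
    "theme/logo.png": b"\x89PNG\r\n\x1a\n",
    "theme/shell.phtml": "<?php echo 'constructed'; ?>",
    "theme/shell.php.txt": "<?php echo 'constructed'; ?>",
    "theme/.htaccess": "AddType application/x-httpd-php .txt",
}

if __name__ == "__main__":
    pkg = build_package(SAMPLE_ENTRIES)
    print("denylist rejects:", check_upload_denylist(pkg))   # []
    print("allowlist rejects:", check_upload_allowlist(pkg))
```

The denylist returns nothing for the sample package even though it carries a .phtml file, a double-extension file and an .htaccess that would remap .txt to PHP; the allowlist rejects all three. Extension checks of this kind should be paired with extracting only into a non-executable directory, since the web server's handler mapping, not the CMS, decides what runs.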
Cross-Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit action via the Tools feature.
CVSS 4.8 | AI Score 4.9 | EPSS 0.001
Cross-Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the form field name="wrong_path_redirect".
CVSS 4.8 | AI Score 4.9 | EPSS 0.001
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
NavigateCMS 2.9 is affected by Cross-Site Scripting (XSS) in the "Configuration" module.
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
NavigateCMS 2.9 is affected by Cross-Site Scripting (XSS) in the "Configuration" module.
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
In NavigateCMS version 2.9.4 and below, a function in product.php is vulnerable to SQL injection via the products-order parameter of a POST request, which results in arbitrary SQL query execution in the backend database.
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
In NavigateCMS version 2.9.4 and below, a function in templates.php is vulnerable to SQL injection via the template-properties-order parameter, which results in arbitrary SQL query execution in the backend database.
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
In NavigateCMS version 2.9.4 and below, a function in product.php is vulnerable to SQL injection via the id parameter of a POST request, which results in arbitrary SQL query execution in the backend database.
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
In NavigateCMS version 2.9.4 and below, a function in structure.php is vulnerable to SQL injection via the children_order parameter, which results in arbitrary SQL query execution in the backend database.
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
In NavigateCMS version 2.9.4 and below, the block function is vulnerable to SQL injection via the block-order parameter, which results in arbitrary SQL query execution in the backend database.
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
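Four of the five SQL injection entries above (products-order, template-properties-order, children_order, block-order) share one shape: a request parameter that selects the sort order is concatenated into an ORDER BY clause. Column names and sort directions cannot be bound as prepared-statement parameters, so a placeholder does not fix this class; an allowlist does. The following is an added example, not NavigateCMS code, using Python and an in-memory SQLite database: the vulnerable concatenation, a boolean-blind oracle that reads one bit per request from the resulting row order, and the allowlisted replacement that fails closed. The table and column names, the "column-direction" value format and the sample rows are assumptions constructed for the example.

```python
from __future__ import annotations

import sqlite3

# Added example, not NavigateCMS code. Models the class of bug in the
# *-order SQL injection advisories: a sort parameter pasted into ORDER BY.
# Identifiers and sort direction cannot be bound as query parameters, so the
# fix is an allowlist mapping, not a placeholder. Schema is an assumption.

SORT_COLUMNS = {"id": "id", "name": "name", "price": "price"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema and rows standing in for the CMS backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'Widget', 9.50), (2, 'Gadget', 19.00),
                                    (3, 'Doohickey', 4.25);
        INSERT INTO users VALUES (1, 'admin', '$2y$10$constructedhash');
        """
    )
    return conn


def product_ids_vulnerable(conn: sqlite3.Connection, products_order: str) -> list[int]:
    """Vulnerable: the request parameter is pasted into ORDER BY verbatim."""
    sql = "SELECT id FROM products ORDER BY " + products_order
    return [row[0] for row in conn.execute(sql)]


def blind_oracle(conn: sqlite3.Connection, condition: str) -> bool:
    """Boolean-based blind extraction through the vulnerable sort parameter:
    the injected CASE sorts by id when the condition holds and by name
    otherwise, so the order of the returned rows leaks one bit per request."""
    payload = f"(CASE WHEN ({condition}) THEN id ELSE name END)"
    return product_ids_vulnerable(conn, payload) == [1, 2, 3]


def safe_order_clause(products_order: str) -> str:
    """Map 'column-direction' (assumed request format, e.g. 'price-desc') onto
    allow-listed SQL fragments. Anything unknown raises instead of falling
    through to the query text."""
    column_key, _, direction_key = products_order.partition("-")
    if column_key not in SORT_COLUMNS:
        raise ValueError(f"unknown sort column: {column_key!r}")
    direction_key = direction_key.lower() or "asc"
    if direction_key not in SORT_DIRECTIONS:
        raise ValueError(f"unknown sort direction: {direction_key!r}")
    return f"{SORT_COLUMNS[column_key]} {SORT_DIRECTIONS[direction_key]}"


def product_ids_safe(conn: sqlite3.Connection, products_order: str) -> list[int]:
    """Hardened: only allow-listed fragments ever reach the SQL text."""
    sql = "SELECT id FROM products ORDER BY " + safe_order_clause(products_order)
    return [row[0] for row in conn.execute(sql)]


def is_rejected(products_order: str) -> bool:
    """True when the hardened mapper refuses the value (fail closed)."""
    try:
        safe_order_clause(products_order)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    probe = "(SELECT substr(password, 1, 1) FROM users WHERE id = 1) = '{}'"
    for guess in "abc$":
        print(guess, blind_oracle(db, probe.format(guess)))  # only '$' -> True
    print(product_ids_safe(db, "price-desc"))                # [2, 1, 3]
    print(is_rejected("(CASE WHEN 1=1 THEN id ELSE name END)"))  # True
```

Against the vulnerable function, the attacker never sees an error or the password hash directly: a sort by id versus a sort by name is the whole signal, which is why the advisories rate this as arbitrary query execution even though the parameter only names a sort order. The hardened version rejects the same payload before any SQL is built.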