Описание
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database.
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database.
Связанные уязвимости
CVSS3: 9.8
nvd
больше 4 лет назад
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.