CVE-2021-37476

Опубликовано: 26 июл. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database.

Ссылки

https://gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4fe
Patch
Third Party Advisory
https://github.com/NavigateCMS/Navigate-CMS
Product
https://github.com/NavigateCMS/Navigate-CMS/issues/26
Exploit
Third Party Advisory
https://gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4fe
Patch
Third Party Advisory
https://github.com/NavigateCMS/Navigate-CMS
Product
https://github.com/NavigateCMS/Navigate-CMS/issues/26
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:naviwebs:navigatecms:*:*:*:*:*:*:*:*

Версия до 2.9.4 (включая)

EPSS

Процентиль: 71%

0.00679

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4h9f-h6qv-gjwr

github

больше 3 лет назад

In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.