Latest Naviwebs Navigate CMS Vulnerabilities

A Server-Side Request Forgery (SSRF) in the feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the fe...
Naviwebs Navigate CMS=2.9.4
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted pay...
Naviwebs Navigate CMS=2.9.4
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
Naviwebs Navigate CMS=2.9
Naviwebs Navigate CMS=2.9
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
Naviwebs Navigate CMS=2.9
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. ...
Naviwebs Navigate CMS=2.9-r1433
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated...
Naviwebs Navigate CMS=2.9-r1433
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field...
Naviwebs Navigate CMS=2.9-r1433
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no ac...
Naviwebs Navigate CMS=2.9-r1433
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to ref...
Naviwebs Navigate CMS=2.8
Naviwebs Navigate CMS=2.9-r1433
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
Naviwebs Navigate CMS=2.9
Naviwebs Navigate CMS<=2.8.7
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
Naviwebs Navigate CMS<=2.8.7
Naviwebs Navigate CMS<=2.8.7
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Naviwebs Navigate CMS<=2.8.7
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
Naviwebs Navigate CMS
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
Naviwebs Navigate CMS=2.8
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution ...
Naviwebs Navigate CMS=2.8
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
Naviwebs Navigate CMS=2.8
