First published: Fri Aug 06 2021(Updated: )
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Naviwebs Navigate CMS | =2.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36455 is a SQL Injection vulnerability in Naviwebs Navigate CMS version 2.9.
The SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 occurs via the quicksearch parameter in \lib\packages\comments\comments.php.
The severity level of CVE-2021-36455 is high.
To fix the SQL Injection vulnerability in Naviwebs Navigate CMS 2.9, update to version 2.9.4 or later.
You can find more information about CVE-2021-36455 in the following references: [GitHub Issue](https://github.com/NavigateCMS/Navigate-CMS/issues/25) and [Navigate CMS Blog](https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_4).