CVE-2021-36455: SQL Injection
First published: Fri Aug 06 2021(Updated: )
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Naviwebs Navigate CMS | =2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36455?
CVE-2021-36455 is a SQL Injection vulnerability in Naviwebs Navigate CMS version 2.9.
How does the SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 occur?
The SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 occurs via the quicksearch parameter in \lib\packages\comments\comments.php.
What is the severity level of CVE-2021-36455?
The severity level of CVE-2021-36455 is high.
How can I fix the SQL Injection vulnerability in Naviwebs Navigate CMS 2.9?
To fix the SQL Injection vulnerability in Naviwebs Navigate CMS 2.9, update to version 2.9.4 or later.
Where can I find more information about CVE-2021-36455?
You can find more information about CVE-2021-36455 in the following references: [GitHub Issue](https://github.com/NavigateCMS/Navigate-CMS/issues/25) and [Navigate CMS Blog](https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_4).
- collector/nvd-index
- vendor/naviwebs
- canonical/naviwebs navigate cms
- version/naviwebs navigate cms/2.9