Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
naviwebs vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-17849
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
Naviwebs Navigate Cms 2.8
9.8
CVSSv3
CVE-2020-23711
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
Naviwebs Navigate Cms 2.9
8.8
CVSSv3
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
Naviwebs Navigate Cms 2.9
9.8
CVSSv3
CVE-2018-17552
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote malicious users to bypass authentication via the navigate-user cookie.
Naviwebs Navigate Cms 2.8
1 EDB exploit
6 Github repositories
8.8
CVSSv3
CVE-2018-17553
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated malicious users to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_i...
Naviwebs Navigate Cms 2.8
1 EDB exploit
4 Github repositories
5.4
CVSSv3
CVE-2021-44299
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Naviwebs Navigate Cms 2.9.4
5.4
CVSSv3
CVE-2021-36454
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) ite...
Naviwebs Navigate Cms 2.9
7.5
CVSSv3
CVE-2021-44351
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.
Naviwebs Navigate Cms 2.9
7.5
CVSSv3
CVE-2020-14015
An issue exists in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue settin...
Naviwebs Navigate Cms 2.9
7.5
CVSSv3
CVE-2020-14017
An issue exists in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view...
Naviwebs Navigate Cms 2.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »