Description
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-24038 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T01:22:59.312Z
Reserved: 2021-07-26T00:00:00.000Z
Link: CVE-2021-37473
No data.
Status : Modified
Published: 2021-07-26T18:15:08.620
Modified: 2026-06-17T04:00:37.477
Link: CVE-2021-37473
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
EUVD