Unrated severityNVD Advisory· Published Jan 30, 2026· Updated Mar 5, 2026

Navigate CMS 2.8.7 - ''sidx' SQL Injection

CVE-2020-37053

Description

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.

Affected products

WordPress/Navigate CMSllm-fuzzy
Range: = 2.8.7
Package: https://wordpress.org/plugins/navigate-cms
Naviwebs S.C./Navigate CMSv5
Range: 2.8.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/48545mitreexploit
www.vulncheck.com/advisories/navigate-cms-sidx-sql-injectionmitrethird-party-advisory
sourceforge.net/projects/navigatecmsmitreproduct
www.navigatecms.com/en/homemitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000