Unrated severityNVD Advisory· Published Jul 26, 2021· Updated Aug 4, 2024

CVE-2021-37476

Description

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

NavigateCMS/NavigateCMSdescription
Navigatecms/Navigatecmsllm-fuzzy
Range: <=2.9.4

Patches

Vulnerability mechanics

References

gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4femitrex_refsource_MISC
github.com/NavigateCMS/Navigate-CMS/issues/26mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000