← Zuruck zu CVEs
CVE-2020-37053
HIGH7.1
Beschreibung
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
CVE Details
CVSS v3.1 Bewertung7.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/30/2026
Zuletzt geandert2/13/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
naviwebs:navigate_cms
Schwachen (CWE)
CWE-89
Referenzen
https://sourceforge.net/projects/navigatecms(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48545(disclosure@vulncheck.com)
https://www.navigatecms.com/en/home(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/navigate-cms-sidx-sql-injection(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.