Security Advisory

CVE-2021-37476

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-26 17:16:55
Last updated 2024-08-04 01:22:59
Assigner mitre
State PUBLISHED

Description

In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.