CNNVD-202601-4983 Information

CNNVD ID

CNNVD-202601-4983

Related CVE

CVE-2020-37053

• CNNVD Published: 2026-01-30

Description (Chinese)

Naviwebs Navigate CMS是美国Naviwebs公司的一套开源的内容管理系统（CMS）。 Naviwebs Navigate CMS 2.8.7版本存在SQL注入漏洞，该漏洞源于comments中的sidx参数存在SQL注入，可能导致泄露数据库信息。

Description (English)

Naviwebs Navigate CMS is an open-source content management system (CMS) for Navivewebs in the United States. Version 2.8.7 of Navibles Navigate CMS contains an injection loophole in SQL, which is the result of the SQL injection of sidx parameters in documents, which may lead to the disclosure of database information.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Naviwebs

Published

2026-01-30

Last Modified

2026-02-24

References

https://sourceforge.net/projects/navigatecms https://www.exploit-db.com/exploits/48545 https://www.navigatecms.com/en/home https://www.vulncheck.com/advisories/navigate-cms-sidx-sql-injection