SQL Injection found in comments page.

NavigateCMS / Navigate-CMS

Navigate CMS, a very powerful open source content management system for everybody.

http://www.navigatecms.com

GNU General Public License v2.0

8 stars 4 forks source link

SQL Injection found in comments page. #9

Closed SecGus closed 4 years ago

SecGus commented 4 years ago

A SQL Injection vulnerability exists in the comments page on Navigate CMS. I have been able to exfiltrate sensitive data via this vulnerability. I will use the same e-mail as I used for the previous vulnerabilities to inform you about the details.

SecGus commented 4 years ago

Assigned CVE-2020-12437

NavigateCMS commented 4 years ago

Fixed by 75e66e1243235e7bcfcb7b0d8f9b3ab83fa1cc2c