Vulnerability Details : CVE-2021-37477
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
Vulnerability category: Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2021-37477
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less