CVE-2021-37476

{"id": "CVE-2021-37476", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-07-26T18:15:08.687", "references": [{"url": "https://gist.github.com/victomteng1997/ed429fed7de46651c89f05e7591fd4fe", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/NavigateCMS/Navigate-CMS", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/NavigateCMS/Navigate-CMS/issues/26", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database."}, {"lang": "es", "value": "En NavigateCMS versiones 2.9.4 y posteriores, la funci\u00f3n en \"product.php\" es vulnerable a una inyecci\u00f3n de sql en el par\u00e1metro \"id\" mediante una petici\u00f3n de post, lo que resulta en la ejecuci\u00f3n de una consulta sql arbitraria en la base de datos del backend"}], "lastModified": "2021-07-28T17:04:53.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:naviwebs:navigatecms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0B50CA-FE10-4301-9AE3-73DE37402B18", "versionEndIncluding": "2.9.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}