Vulnerability Database

321,822

Total vulnerabilities in the database

CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.

Published: Jan 30, 2026
Updated: Feb 1, 2026
CVE: CVE-2020-37053
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://sourceforge.net/projects/navigatecms
https://www.exploit-db.com/exploits/48545
https://www.navigatecms.com/en/home
https://www.vulncheck.com/advisories/navigate-cms-sidx-sql-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo