Navigate CMS SQL Injection Vulnerability in Comments Component

A SQL injection vulnerability has been identified in Navigate CMS version 2.8.7. This vulnerability allows authenticated attackers to manipulate the 'sidx' parameter in the comments section, leading to unauthorized database access. Exploiting this flaw, attackers can use time-based blind SQL injection techniques to extract sensitive information, such as user activation keys. These keys could potentially be used to reset passwords for administrative accounts.

Impact

Exploitation of this vulnerability allows for authenticated SQL injection, with the potential to leak sensitive database information, including user activation keys, which can be used to reset passwords for administrative accounts.

Reproduction

To reproduce this vulnerability, log into the application with valid user credentials. Once authenticated, navigate to the comments section and manipulate the 'sidx' parameter to inject SQL payloads. Use time-based techniques to extract data, such as activation keys from the 'nv_users' table.