What is the CVSS score of CVE-2020-37053?

CVE-2020-37053 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Navigate Cms are affected by CVE-2020-37053?

Navigate CMS 2.8.7 installations are vulnerable to authenticated SQL injection attacks that could allow attackers with user accounts to extract sensitive database information.

Is there a public PoC exploit available for CVE-2020-37053?

Yes, a public proof-of-concept exploit is available for CVE-2020-37053. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37053?

Within 24 hours: Audit all Navigate CMS 2.8.7 instances in your environment and document inventory; restrict user account creation and review existing user privileges. Within 7 days: Deploy WAF rules to block malicious 'sidx' parameter patterns and implement database query logging; communicate risk status to stakeholders. Within 30 days: Evaluate alternative CMS platforms or develop custom patches; prepare migration plan if vendor does not release timely security updates.

Navigate Cms CVE-2020-37053

HIGH

SQL Injection (CWE-89)

2026-01-30 disclosure@vulncheck.com

SQLi Navigate Cms

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 13, 2026 - 17:52 vuln.today

Public exploit code

CVE Published

Jan 30, 2026 - 23:16 nvd

HIGH 7.1

DescriptionCVE.org

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.

AnalysisAI

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects Navigate Cms. Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2020-37053 vulnerability details – vuln.today

Back