HIGH🇬🇧 English

CVE-2021-26751

CVSS 8.8v3.1pub. 2021-02-12upd. 2024-11-21

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Nedi

    APP
    Nedi
    1.9c
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2022-40895CRITICAL9.1ten sam produkt

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthe...

CVE-2021-26753CRITICAL9.9ten sam produkt

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System...

CVE-2021-26752HIGH8.8ten sam produkt

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on t...

CVE-2020-14414HIGH8.8ten sam produkt

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a ...

CVE-2020-14412HIGH8.8ten sam produkt

NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacte...

CVE-2021-26751 — HIGH 8.8 | CVEbaza.pl