NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HNedi
APPNedi1.9c
Related vulnerabilities
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthe...
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System...
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on t...
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a ...
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacte...