NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HNedi
APPNedi1.9c
Related vulnerabilities
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthe...
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on t...
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the en...
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a ...
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacte...