RSS   Vulnerabilities for 'NEDI'   RSS

2021-02-12
 
CVE-2021-26753

CWE-94
 

 
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

 
 
CVE-2021-26752

CWE-78
 

 
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

 
 
CVE-2021-26751

CWE-89
 

 
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.

 
2020-11-02
 
CVE-2020-23989

CWE-79
 

 
NeDi 1.9C allows pwsec.php oid XSS.

 
 
CVE-2020-23868

CWE-79
 

 
NeDi 1.9C allows inc/rt-popup.php d XSS.

 
2020-07-07
 
CVE-2020-15035

CWE-79
 

 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.

 
 
CVE-2020-15034

CWE-79
 

 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter.

 
 
CVE-2020-15033

CWE-79
 

 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.

 
 
CVE-2020-15032

CWE-79
 

 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.

 
 
CVE-2020-15031

CWE-79
 

 
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top