Nedi Security Vulnerabilities and Issues — Nedi CVE List

Lucene search

NediNedi

5 matches found

CVE•added 2019/01/17 2:29 a.m.•39 views

CVE-2018-20728

A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.

8.8CVSS8.9AI score0.00215EPSS

CVE•added 2019/01/17 2:29 a.m.•38 views

CVE-2018-20730

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.

7.5CVSS8.3AI score0.00289EPSS

CVE•added 2019/01/17 2:29 a.m.•35 views

CVE-2018-20729

A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.

6.1CVSS6.3AI score0.0026EPSS

CVE•added 2019/01/17 2:29 a.m.•33 views

CVE-2018-20731

A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.

6.1CVSS6.2AI score0.0026EPSS

CVE•added 2019/01/17 2:29 a.m.•30 views

CVE-2018-20727

Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.

8.8CVSS9.1AI score0.03953EPSS