Nedi Security Vulnerabilities and Issues — Nedi CVE List

Lucene search

NediNedi

4 matches found

CVE•added 2021/02/12 9:15 p.m.•75 views

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

8.8CVSS9AI score0.01161EPSS

CVE•added 2021/02/12 9:15 p.m.•63 views

CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.

8.8CVSS9.2AI score0.00372EPSS

CVE•added 2019/01/17 2:29 a.m.•39 views

CVE-2018-20728

A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.

8.8CVSS8.9AI score0.00215EPSS

CVE•added 2019/01/17 2:29 a.m.•30 views

CVE-2018-20727

Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.

8.8CVSS9.1AI score0.03953EPSS