Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
NediNedi

3 matches found

CVE
CVEadded 2021/02/12 9:15 p.m.76 views

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

8.8CVSS9AI score0.01161EPSS
CVE
CVEadded 2021/02/12 9:15 p.m.74 views

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

9.9CVSS9.2AI score0.00582EPSS
CVE
CVEadded 2021/02/12 9:15 p.m.64 views

CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.

8.8CVSS9.2AI score0.00372EPSS