CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.0%

CVSS Severity

CVSS v3 Score 9.9

CVSS v2 Score 6.5

References

https://n4nj0.github.io/advisories/nedi-multiple-vulnerabilities-i/
https://n4nj0.github.io/advisories/nedi-multiple-vulnerabilities-i/

Products affected by CVE-2021-26753

Nedi » Nedi » Version: 1.9c

cpe:2.3:a:nedi:nedi:1.9c

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26753

Products

Pricing

Contact Us