Shodan
Vulnerabilities
Vulnerable Software
Nedi:  >> Nedi  >> 1.9c  Security Vulnerabilities
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
CVSS Score
9.9
EPSS Score
0.006
Published
2021-02-12
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-02-12
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
CVSS Score
8.8
EPSS Score
0.009
Published
2021-02-12
CVE-2020-23868
NeDi 1.9C allows inc/rt-popup.php d XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-11-02
CVE-2020-23989
NeDi 1.9C allows pwsec.php oid XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-11-02
CVE-2020-15028
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-07
CVE-2020-15029
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-07
CVE-2020-15030
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-07
CVE-2020-15031
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-07
CVE-2020-15032
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved