Nedi - Nedi CVE

Filtered by vendor Nedi Subscribe

Filtered by product Nedi

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-26753	1 Nedi	1 Nedi	2022-05-03	6.5 MEDIUM	9.9 CRITICAL
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.

Vulnerabilities (CVE)