Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nedi nedi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote malicious user to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a differe...
Nedi Nedi
Nedi Nedi 1.0.7
6.5
CVSSv2
CVE-2018-20727
Multiple command injection vulnerabilities in NeDi prior to 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
Nedi Nedi
6.8
CVSSv2
CVE-2018-20728
A cross site request forgery (CSRF) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to escalate privileges via User-Management.php.
Nedi Nedi
4.3
CVSSv2
CVE-2018-20729
A reflected cross site scripting (XSS) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to inject arbitrary web script or HTML via the reg parameter in mh.php.
Nedi Nedi
5
CVSSv2
CVE-2018-20730
A SQL injection vulnerability in NeDi prior to 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
Nedi Nedi
4.3
CVSSv2
CVE-2018-20731
A stored cross site scripting (XSS) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to inject arbitrary web script or HTML via User-Chat.php.
Nedi Nedi
9
CVSSv2
CVE-2020-14412
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a p...
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-23868
NeDi 1.9C allows inc/rt-popup.php d XSS.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-23989
NeDi 1.9C allows pwsec.php oid XSS.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15031
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.
Nedi Nedi 1.9c
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »