A cross site request forgery (CSRF) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to escalate privileges via User-Management.php.
nedi nedi