A SQL injection vulnerability in NeDi prior to 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
nedi nedi