
CVE-2020-14412

Published: 29/06/2020 Updated: 06/07/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

NeDi Consulting NeDi could allow a remote authenticated attacker to execute arbitrary commands on the system because System-Snapshot.php improperly escapes shell metacharacters received in a POST request. By sending a POST request whose psw parameter contains shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands on the system. Note: This can also be exploited with CSRF.

Affected Products

Vendor | Product | Versions
Nedi | Nedi | 1.9c