CVE-2020-14414
29.06.2020, 17:15
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)
| Vendor | Product | Version |
|---|---|---|
| nedi | nedi | 1.9c:c |
𝑥
= Vulnerable software versions