CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
References
Link Resource
https://n4nj0.github.io/advisories/nedi-multiple-vulnerabilities-i/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:*

Information

Published : 2021-02-12 13:15

Updated : 2021-02-13 17:36


NVD link : CVE-2021-26751

Mitre link : CVE-2021-26751


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

nedi

  • nedi