Vulnerabilities

CVE-2020-14412

by Fred · 29/06/2020

NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)

Date published : 2020-06-29

https://gist.github.com/farid007/c0df57620a3cc1fb565bc77a945aa3fd

Similar

Tags: Cybersecurity Alert