Vulnerabilities

CVE-2020-14414

by Fred · 29/06/2020

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)

Date published : 2020-06-29

https://gist.github.com/farid007/a3d96d305f028d221f729eb6ae681f5a

Similar

Tags: Cybersecurity Alert