Vulnerabilities > Nedi > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-12 | CVE-2021-26753 | Incorrect Authorization vulnerability in Nedi 1.9C: NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. | 6.5 |
2021-02-12 | CVE-2021-26752 | OS Command Injection vulnerability in Nedi 1.9C: NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. | 6.5 |
2021-02-12 | CVE-2021-26751 | SQL Injection vulnerability in Nedi 1.9C: NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. | 4.0 |
2020-06-29 | CVE-2020-14413 | Cross-site Scripting vulnerability in Nedi 1.9C: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. | 4.3 |
2020-06-26 | CVE-2020-15017 | Cross-site Scripting vulnerability in Nedi 1.9C: NeDi 1.9C is vulnerable to reflected cross-site scripting. | 4.3 |
2020-06-26 | CVE-2020-15016 | Cross-site Scripting vulnerability in Nedi 1.9C: NeDi 1.9C is vulnerable to reflected cross-site scripting. | 4.3 |
2019-01-17 | CVE-2018-20731 | Cross-site Scripting vulnerability in Nedi: A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. | 4.3 |
2019-01-17 | CVE-2018-20730 | SQL Injection vulnerability in Nedi: A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | 5.0 |
2019-01-17 | CVE-2018-20729 | Cross-site Scripting vulnerability in Nedi: A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. | 4.3 |
2019-01-17 | CVE-2018-20728 | Cross-Site Request Forgery (CSRF) vulnerability in Nedi: A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. | 6.8 |