CVE-2020-14414

Published: Jun 29, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/farid007/a3d96d305f028d221f729eb6ae681f5a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14414

Description

Affected Products

References