SQL Injection Vulnerability in NeDi 1.9C Monitoring History Function

SQL Injection Vulnerability in NeDi 1.9C Monitoring History Function

CVE-2021-26751 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.