NeDi 1.9C Authenticated PHP Code Injection in System Files Function
CVE-2021-26753 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
Learn more about our User Device Pen Test.