Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NeDi Consulting NeDi 安全漏洞
Vulnerability Description
NeDi Consulting NeDi是瑞士NeDi Consulting公司的一套支持发现和映射网络设备的开源软件。 NeDi Consulting NeDi 1.9C版本中存在安全漏洞,该漏洞源于System-Snapshot.php文件未正确转义POST请求中的shell元字符。攻击者可借助带有‘psw’参数的POST请求利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A