Security Advisory

CVE-2021-26753

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-12 20:35:20
Last updated 2024-08-03 20:33:40
Assigner mitre
State PUBLISHED

Description

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.