CVE-2020-14414

CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)

Source: CVE-2020-14414

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다