PT-2019-10189 · Nedi · Nedi

Published

2019-01-17

Updated

2019-01-22

CVE-2018-20730

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NeDi versions prior to 1.7Cp3

Description: A SQL injection issue allows any user to execute arbitrary SQL read commands via the "query.php" component.

Recommendations: For versions prior to 1.7Cp3, update to version 1.7Cp3 or later to resolve the issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2018-20730

Nedi