CVE-2021-26751

Name of the Vulnerable Software and Affected Versions NeDi version 1.9C

Description The issue allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint "/Monitoring-History.php" via the det HTTP GET parameter. This enables an attacker to access all the data in the database and obtain access to the NeDi application.

Recommendations For NeDi version 1.9C, as a temporary workaround, consider restricting access to the "/Monitoring-History.php" endpoint until a patch is available. Avoid using the det parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.