High severity8.8NVD Advisory· Published Jun 29, 2020· Updated Jun 17, 2026
CVE-2020-14412
CVE-2020-14412
Description
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- gist.github.com/farid007/c0df57620a3cc1fb565bc77a945aa3fdnvdThird Party Advisory
News mentions
0No linked articles in our index yet.