High severity8.8NVD Advisory· Published Jun 29, 2020· Updated Jun 17, 2026
CVE-2020-14414
CVE-2020-14414
Description
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- gist.github.com/farid007/a3d96d305f028d221f729eb6ae681f5anvdThird Party Advisory
News mentions
0No linked articles in our index yet.