Harsh Bothra harsh-bothra

## CVE-2020-24849
Product: FruityWifi

CVE: CVE-2020-24849

Version: (, 2.4) - Tested on version 2.4

Vulnerability: Remote Code Execution

Vulnerability Description: A remote code execution vulnerability is identified in FruityWifi through 2.4.Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.

## CVE-2020-23868
Product: NeDi - Find IT

CVE: Use CVE-2020-23868

Version: 1.9C

Vulnerability: Reflected Cross-Site Scripting

Vulnerability Description:  NeDi 1.9C allows Cross-Site Scripting via "d" parameter at "inc/rt-popup.ph" page.

## CVE-2020-23989
Product: NeDi - Find IT

CVE: CVE-2020-23989

Version: 1.9C

Vulnerability: Reflected Cross-Site Scripting

Vulnerability Description:  NeDi 1.9C allows Cross-Site Scripting via "oid" parameter at "pwsec.php" page.
	Product: FruityWifi

	CVE: CVE-2020-24849

	Version: (, 2.4) - Tested on version 2.4

	Vulnerability: Remote Code Execution

	Vulnerability Description: A remote code execution vulnerability is identified in FruityWifi through 2.4.Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.
	Product: NeDi - Find IT

	CVE: Use CVE-2020-23868

	Version: 1.9C

	Vulnerability: Reflected Cross-Site Scripting

	Vulnerability Description: NeDi 1.9C allows Cross-Site Scripting via "d" parameter at "inc/rt-popup.ph" page.
	Product: NeDi - Find IT

	CVE: CVE-2020-23989

	Version: 1.9C

	Vulnerability: Reflected Cross-Site Scripting

	Vulnerability Description: NeDi 1.9C allows Cross-Site Scripting via "oid" parameter at "pwsec.php" page.