cbcvebase.
CVE-2020-15921
published 2020-07-24

CVE-2020-15921: Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code…

PriorityP274critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
18.29%
96.9th percentile
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.

Affected

1 ranges
VendorProductVersion rangeFixed in
midasolutionseframework<= 2.9.0

Detection & IOCsextracted from sources · hover to see the quote

path/PDC/extreq.php
port8090
  • Use the Server response header value 'Mida eFramework' as a fingerprint to identify exposed vulnerable instances (Google Dork: Server: Mida eFramework).
  • The backdoor allows administrative password change and code execution via the extreq.php endpoint; alert on any POST/GET to /PDC/extreq.php regardless of the generated code value.
  • ·The backdoor 'code' parameter value is algorithmically generated by the exploit script; detection should match any value for the 'code' parameter on this path, not a static string.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.