Midasolutions Eframework vulnerabilities
7 known vulnerabilities affecting midasolutions/eframework.
Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-15920P1CRITICALCVSS 9.8ExploitedPoC≤ 2.9.02020-07-24
CVE-2020-15920 [CRITICAL] CWE-78 CVE-2020-15920: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
nvd
CVE-2020-15922P1CRITICALCVSS 9.8PoC≤ 2.9.02020-07-24
CVE-2020-15922 [CRITICAL] CWE-78 CVE-2020-15922: There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
nvd
CVE-2020-15921P2CRITICALCVSS 9.8PoC≤ 2.9.02020-07-24
CVE-2020-15921 [CRITICAL] CWE-287 CVE-2020-15921: Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password a
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
nvd
CVE-2020-15923P3HIGHCVSS 7.5≤ 2.9.02020-07-24
CVE-2020-15923 [HIGH] CWE-22 CVE-2020-15923: Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
nvd
CVE-2020-15924P3HIGHCVSS 7.5≤ 2.9.02020-07-24
CVE-2020-15924 [HIGH] CWE-89 CVE-2020-15924: There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No a
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
nvd
CVE-2020-15918P4MEDIUMCVSS 5.4≤ 2.9.02020-07-24
CVE-2020-15918 [MEDIUM] CWE-79 CVE-2020-15918: Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework throug
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
nvd
CVE-2020-15919P4MEDIUMCVSS 6.1≤ 2.9.02020-07-24
CVE-2020-15919 [MEDIUM] CWE-79 CVE-2020-15919: A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
nvd