CVE-2020-15921
- EPSS 18.29%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
- EPSS 57.33%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
CVE-2020-15923
- EPSS 3.31%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
CVE-2020-15924
- EPSS 1.88%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
CVE-2020-15918
- EPSS 0.56%
- Veröffentlicht 24.07.2020 01:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:26
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
CVE-2020-15919
- EPSS 0.94%
- Veröffentlicht 24.07.2020 01:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:26
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
- EPSS 98.24%
- Veröffentlicht 24.07.2020 01:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:27
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.