CVE-2020-15921
- EPSS 18.5%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
- EPSS 60.1%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
CVE-2020-15923
- EPSS 3.15%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
CVE-2020-15924
- EPSS 0.76%
- Veröffentlicht 24.07.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:27
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
CVE-2020-15918
- EPSS 0.21%
- Veröffentlicht 24.07.2020 01:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:26
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
CVE-2020-15919
- EPSS 0.29%
- Veröffentlicht 24.07.2020 01:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:26
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
- EPSS 93.95%
- Veröffentlicht 24.07.2020 01:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:27
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.