Cross site scripting
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0...
Cross site scripting
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0...
Command injection
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative root privileges. Authentication is required...
SQL injection
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters...
Directory traversal
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal...
Command injection
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative root privileges. No authentication is required...
Design/Logic Flaw
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution...
CVE-2020-15918
Multiple Stored Cross Site Scripting (XSS) vulnerabilities affect Mida Solutions eFramework up to version 2.9.0. CNVD-2020-42663 details a lack of proper validation of client-side data by the WEB application, enabling attacker-controlled input to be reflected and potentially execute client-side c...
CVE-2020-15918
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0...
CVE-2020-15919
The CVE-2020-15919 entry concerns Mida eFramework up to version 2.9.0 with a Reflected Cross Site Scripting (XSS) vulnerability. The connected documents attribute the issue to a lack of proper validation of client-side data in the WEB application, enabling potential client-side code execution. No...
CVE-2020-15919
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0...
CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative root privileges. No authentication is required...
CVE-2020-15920
CVE-2020-15920 affects Mida Solutions eFramework
CVE-2020-15921
CVE-2020-15921 affects Mida eFramework up to version 2.9.0, described as a back door that permits changing the administrative password and accessing restricted functionalities, including code execution. The Red Hat advisory and Exploit-DB entry corroborate a back-door/administrative access vulner...
CVE-2020-15921
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution...
CVE-2020-15922
CVE-2020-15922 describes an OS Command Injection in Mida Solutions’ eFramework version 2.9.0 that enables Remote Code Execution with administrative/root privileges, requiring authentication. The connected Red Hat, CNVD, CNVD-like and Exploit-DB entries corroborate a root-level impact via command ...
CVE-2020-15922
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative root privileges. Authentication is required...
CVE-2020-15923
Mida eFramework up to version 2.9.0 is affected by an unauthenticated path traversal vulnerability. The root cause is improper filtering of path elements, allowing an attacker to access locations outside of a restricted directory by exploiting the system’s path handling. Affected product: Mida eF...
CVE-2020-15923
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal...
CVE-2020-15924
CVE-2020-15924: The vulnerability affects Mida eFramework versions up to 2.9.0. It is a SQL injection vulnerability in one of the authentication parameters, with no authentication required. The impact is information disclosure. The connected documents confirm the root cause as an injectable que...