CVE-2020-15924

There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters...

PT-2020-14714 · Mida · Mida Eframework

Name of the Vulnerable Software and Affected Versions: Mida eFramework versions prior to 2.9.1 Description: The issue allows an attacker to achieve Remote Code Execution RCE with administrative root privileges due to an OS Command Injection. No authentication is required. Recommendations: For...

Mida Solutions eFramework 2.9.0 XSS / Code Execution / SQL Injection Vulnerabilities

Mida Solutions eFramework versions 2.9.0 and below suffer from command execution, cross site scripting, denial of service, remote SQL injection, and path traversal vulnerabilities. ============================================= Title: Mida Solutions eFramework Multiple Vulnerabilities Author: Andr...

File Upload Vulnerability in eFrameWork

eFrameWork is a development framework for B/S application and web development. A file upload vulnerability exists in eFrameWork, which can be exploited by an attacker to gain control of the web server...