Mida Solutions eFramework ajaxreq.php Command Injection

This module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to...

Mida Solutions eFramework OS Command Injection Vulnerability (CNVD-2020-42664)

Mida Solutions eFramework is a suite of unified communications and collaboration services from Mida Solutions, Italy. An operating system command injection vulnerability exists in Mida Solutions eFramework version 2.9.0 and earlier. A remote attacker can exploit the vulnerability to execute code...

Mida Solutions eFramework Cross-Site Scripting Vulnerability (CNVD-2020-42663)

Mida Solutions eFramework is a suite of unified communications and collaboration services from Mida Solutions, Italy. A cross-site scripting vulnerability exists in Mida Solutions eFramework version 2.9.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by...

Mida Solutions eFramework 2.9.0 XSS / Code Execution / SQL Injection Vulnerabilities

Mida Solutions eFramework versions 2.9.0 and below suffer from command execution, cross site scripting, denial of service, remote SQL injection, and path traversal vulnerabilities. ============================================= Title: Mida Solutions eFramework Multiple Vulnerabilities Author: Andr...