Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
5.4CVSS
5.5AI Score
0.001EPSS
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
6.1CVSS
6AI Score
0.001EPSS
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
9.8CVSS
9.9AI Score
0.972EPSS
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
9.8CVSS
9.6AI Score
0.039EPSS
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
9.8CVSS
9.9AI Score
0.013EPSS
7.5CVSS
7.6AI Score
0.008EPSS
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
7.5CVSS
8AI Score
0.002EPSS