CVE-2020-15920

CVE-2020-15920 affects Mida Solutions eFramework

CVE-2020-15922

CVE-2020-15922 describes an OS Command Injection in Mida Solutions’ eFramework version 2.9.0 that enables Remote Code Execution with administrative/root privileges, requiring authentication. The connected Red Hat, CNVD, CNVD-like and Exploit-DB entries corroborate a root-level impact via command ...

CVE-2020-15921

CVE-2020-15921 affects Mida eFramework up to version 2.9.0, described as a back door that permits changing the administrative password and accessing restricted functionalities, including code execution. The Red Hat advisory and Exploit-DB entry corroborate a back-door/administrative access vulner...

CVE-2020-15919

The CVE-2020-15919 entry concerns Mida eFramework up to version 2.9.0 with a Reflected Cross Site Scripting (XSS) vulnerability. The connected documents attribute the issue to a lack of proper validation of client-side data in the WEB application, enabling potential client-side code execution. No...

CVE-2020-15924

CVE-2020-15924 : The vulnerability affects Mida eFramework versions up to 2.9.0. It is a SQL injection vulnerability in one of the authentication parameters, with no authentication required. The impact is information disclosure . The connected documents confirm the root cause as an injectable que...

CVE-2020-15923

Mida eFramework up to version 2.9.0 is affected by an unauthenticated path traversal vulnerability. The root cause is improper filtering of path elements, allowing an attacker to access locations outside of a restricted directory by exploiting the system’s path handling. Affected product: Mida eF...

CVE-2020-15918

Multiple Stored Cross Site Scripting (XSS) vulnerabilities affect Mida Solutions eFramework up to version 2.9.0. CNVD-2020-42663 details a lack of proper validation of client-side data by the WEB application, enabling attacker-controlled input to be reflected and potentially execute client-side c...