Eframework Security Vulnerabilities and Issues — Eframework CVE List

Lucene search

MidasolutionsEframework

7 matches found

CVE•added 2020/07/24 1:15 a.m.•130 views

CVE-2020-15920

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

10CVSS9.9AI score0.93927EPSS

CVE•added 2020/07/24 1:15 a.m.•91 views

CVE-2020-15922

There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.

10CVSS9.9AI score0.60097EPSS

CVE•added 2020/07/24 1:15 a.m.•86 views

CVE-2020-15921

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.

9.8CVSS9.6AI score0.17724EPSS

CVE•added 2020/07/24 1:15 a.m.•47 views

CVE-2020-15919

A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.

6.1CVSS6AI score0.0029EPSS

CVE•added 2020/07/24 1:15 a.m.•45 views

CVE-2020-15924

There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.

7.5CVSS8AI score0.00763EPSS

CVE•added 2020/07/24 1:15 a.m.•42 views

CVE-2020-15918

Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.

5.4CVSS5.5AI score0.00206EPSS

CVE•added 2020/07/24 1:15 a.m.•42 views

CVE-2020-15923

Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.

7.8CVSS7.6AI score0.03164EPSS