RSS   Vulnerabilities for 'Eframework'   RSS

2020-07-24
 
CVE-2020-15924

CWE-89
 

 
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.

 
 
CVE-2020-15923

CWE-22
 

 
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.

 
 
CVE-2020-15922

CWE-78
 

 
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.

 
 
CVE-2020-15921

CWE-522
 

 
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.

 
 
CVE-2020-15920

CWE-78
 

 
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

 
 
CVE-2020-15919

CWE-79
 

 
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.

 
 
CVE-2020-15918

CWE-79
 

 
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.

 


Copyright 2024, cxsecurity.com

 

Back to Top