Midasolutions: >> Eframework >> 2.8.0 Security Vulnerabilities
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
CVSS Score
9.8
EPSS Score
0.184
Published
2020-07-24
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
CVSS Score
9.8
EPSS Score
0.592
Published
2020-07-24
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
CVSS Score
7.5
EPSS Score
0.033
Published
2020-07-24
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-07-24
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-07-24
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-24
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
CVSS Score
9.8
EPSS Score
0.936
Published
2020-07-24