Filtered by vendor Midasolutions
Subscriptions
Filtered by product Eframework
Subscriptions
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-15924 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 7.5 High |
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. | ||||
CVE-2020-15923 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 7.5 High |
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. | ||||
CVE-2020-15922 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 9.8 Critical |
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. | ||||
CVE-2020-15921 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 9.8 Critical |
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. | ||||
CVE-2020-15920 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 9.8 Critical |
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. | ||||
CVE-2020-15919 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 6.1 Medium |
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. | ||||
CVE-2020-15918 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 5.4 Medium |
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. |
Page 1 of 1.