VYPR

eFramework

by Mida

CVEs (7)

  • CVE-2020-15920CriJul 24, 2020
    risk 0.75cvss 9.8epss 0.98

    There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

  • CVE-2020-15922CriJul 24, 2020
    risk 0.71cvss 9.8epss 0.57

    There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.

  • CVE-2020-15921CriJul 24, 2020
    risk 0.68cvss 9.8epss 0.18

    Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.

  • CVE-2020-15924HigJul 24, 2020
    risk 0.49cvss 7.5epss 0.02

    There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.

  • CVE-2020-15923HigJul 24, 2020
    risk 0.49cvss 7.5epss 0.03

    Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.

  • CVE-2020-15919MedJul 24, 2020
    risk 0.40cvss 6.1epss 0.01

    A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.

  • CVE-2020-15918MedJul 24, 2020
    risk 0.35cvss 5.4epss 0.01

    Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.