Filtered by vendor Midasolutions
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15923 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. | |||||
| CVE-2020-15920 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. | |||||
| CVE-2020-15919 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. | |||||
| CVE-2020-15921 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. | |||||
| CVE-2020-15922 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. | |||||
| CVE-2020-15924 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. | |||||
| CVE-2020-15918 | 1 Midasolutions | 1 Eframework | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. | |||||