Vulnerabilities (CVE)

Filtered by vendor Midasolutions Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15924 1 Midasolutions 1 Eframework 2024-11-21 5.0 MEDIUM 7.5 HIGH
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
CVE-2020-15923 1 Midasolutions 1 Eframework 2024-11-21 7.8 HIGH 7.5 HIGH
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
CVE-2020-15922 1 Midasolutions 1 Eframework 2024-11-21 10.0 HIGH 9.8 CRITICAL
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
CVE-2020-15921 1 Midasolutions 1 Eframework 2024-11-21 7.5 HIGH 9.8 CRITICAL
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
CVE-2020-15920 1 Midasolutions 1 Eframework 2024-11-21 10.0 HIGH 9.8 CRITICAL
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
CVE-2020-15919 1 Midasolutions 1 Eframework 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
CVE-2020-15918 1 Midasolutions 1 Eframework 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.