Vulnerabilities > Midasolutions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-24 | CVE-2020-15924 | SQL Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. | 5.0 |
| 2020-07-24 | CVE-2020-15923 | Path Traversal vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. | 7.8 |
| 2020-07-24 | CVE-2020-15922 | OS Command Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. | 10.0 |
| 2020-07-24 | CVE-2020-15921 | Improper Authentication vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. | 7.5 |
| 2020-07-24 | CVE-2020-15920 | OS Command Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. | 9.8 |
| 2020-07-24 | CVE-2020-15919 | Cross-site Scripting vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. | 4.3 |
| 2020-07-24 | CVE-2020-15918 | Cross-site Scripting vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. | 3.5 |