Vulnerabilities > Midasolutions > Eframework > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-24 CVE-2020-15920 OS Command Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges.
network
low complexity
midasolutions CWE-78
critical
 9.8
9.8
2020-07-24 CVE-2020-15921 Improper Authentication vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
network
low complexity
midasolutions CWE-287
critical
 9.8
9.8
2020-07-24 CVE-2020-15922 OS Command Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges.
network
low complexity
midasolutions CWE-78
critical
 9.8
9.8