CVE-2020-15920

CVE Database · CVE-2020-15920

CVE-2020-15920

· CRITICALModified

CVSS v3.1

9.8

EPSS

98.28%

Published

Jul 23, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (3)

All weaponized →

Exploit-DBMida eFramework 2.9.0 - Remote Code Execution NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (1)

midasolutions · eframeworkvulnerable

References (6)

http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Command-Injection.html

ExploitThird Party AdvisoryVDB Entry

https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html

ExploitThird Party Advisory

http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs