Midasolutions

midasolutions

7 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15924 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
CVE-2020-15923 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
CVE-2020-15922 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
CVE-2020-15921 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
CVE-2020-15920 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
CVE-2020-15919 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
CVE-2020-15918 1Midasolutions 1Eframework Nov 21, 2024 Jul 24, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.