CVE-2020-15920

Опубликовано: 24 июл. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

Ссылки

http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:*

Версия до 2.9.0 (включая)

EPSS

Процентиль: 100%

0.93879

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-87c7-xx7r-6cw2