Vulnerability Description
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Midasolutions | Eframework | <= 2.9.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Ex (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.ph (Exploit, Third Party Advisory, VDB Entry)
- https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-15920?
CVE-2020-15920 is a vulnerability with a CVSS score of 9.8 (CRITICAL). There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
How severe is CVE-2020-15920?
CVE-2020-15920 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15920?
Check the references section above for vendor advisories and patch information. Affected products include: Midasolutions Eframework.