CVE-2020-15920

CRITICAL EXPLOITED NUCLEI

Midasolutions Eframework < 2.9.0 - OS Command Injection

Title source: rule

Description

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

Exploits (2)

exploitdb WORKING POC
by elbae · python · webapps · multiple
https://www.exploit-db.com/exploits/48768
metasploit WORKING POC EXCELLENT
by elbae, bcoles · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb

Nuclei Templates (1)

Mida eFramework <=2.9.0 - Remote Command Execution
CRITICAL by dwisiswant0

Scores

CVSS v3 9.8
EPSS 0.9356
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-25
CWE
CWE-78
Status published
Products (1)
midasolutions/eframework < 2.9.0
Published Jul 24, 2020
Tracked Since Feb 18, 2026