CVE-2020-15922

CRITICAL

Midasolutions Eframework < 2.9.0 - OS Command Injection

Title source: rule

Description

There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.

Exploits (1)

exploitdb WORKING POC

by elbae · pythonwebappshardware

https://www.exploit-db.com/exploits/48835

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159314/Mida-eFramework-2.8.9-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html

Scores

CVSS v3 9.8

EPSS 0.5918

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

midasolutions/eframework < 2.9.0

Published Jul 24, 2020

Tracked Since Feb 18, 2026