Mida eFramework OS Command Injection Vulnerability

Mida eFramework OS Command Injection Vulnerability

CVE-2020-15920 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

Learn more about our Web Application Penetration Testing UK.