CVE-2020-15920

Critical

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with…

mitre·CWE-78·Published 2020-07-24

CVSS

9.8

EPSS

0.98

KEV

Exploits

cve.orgen

198 chars

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

NVDen

198 chars

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

Se presenta una Inyección de Comandos del Sistema Operativo en Mida eFramework versiones hasta 2.9.0, que permite a un atacante alcanzar una Ejecución de Código Remota (RCE) con privilegios administrativos (root). No es requerida una autenticación

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H