CVE-2020-15920

Related Files

Mida Solutions eFramework ajaxreq.php Command Injection

Posted Sep 16, 2020

Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php

advisories | CVE-2020-15920

SHA-256 | 4878a731edc0be4c0ac00692ed93b267a31861eb08b009ecca9a7586cc59c464

Download | Favorite | View

Mida eFramework 2.9.0 Remote Code Execution

Posted Aug 27, 2020

Authored by elbae

Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution

advisories | CVE-2020-15920

SHA-256 | 1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a

Download | Favorite | View