add CVE-2020-15920

corp0ra1 2021-08-02 14:50:23 +08:00 committed by GitHub
parent d20e71a9d6
commit 7965bfa8ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions

Binary file not shown (713 KiB).

@ -0,0 +1,11 @@
# Mida eFramework ajaxreq.php RCE(CVE-2020-15920)
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
**Affected Version**: ≤2.9.0
**FOFA query rule**: [body="eFramework.css" && body="MUP"](https://fofa.so/result?qbase64=Ym9keT0iZUZyYW1ld29yay5jc3MiICYmIGJvZHk9Ik1VUCI%3D)
# Demo
![](CVE_2020_15920.gif)
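
Review bot: The entry gives readers a way to find exposed hosts (the "FOFA query rule" line) but nothing to act on as a defender. After "**Affected Version**: ≤2.9.0" there is no fixed version, no mitigation, and no link to the CVE record or a vendor advisory. Please add a short references section and a remediation line, or state explicitly that no fix is known. Two style points in the same hunk: "# Demo" is at the same heading level as the title and should be a subheading ("## Demo"), and the image on the last line has empty alt text, so the entry has no textual description when the 713 KiB GIF does not load. The title also needs a space before "(CVE-2020-15920)".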