mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
1.6 KiB
1.6 KiB
CVE-2020-15920
Description
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
POC
Reference
- http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Command-Injection.html
- http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Command-Injection.html
- https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
- https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
Github
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Live-Hack-CVE/CVE-2020-15920
- https://github.com/Z0fhack/Goby_POC
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/sobinge/nuclei-templates