Enhancement: cves/2020/CVE-2020-15920.yaml by mp

2022-05-16 15:21:06 -04:00 · 2022-05-16 15:21:06 -04:00 · a028a908ee
parent f32b90708d
commit a028a908ee
1 changed files with 5 additions and 2 deletions
--- a/cves/2020/CVE-2020-15920.yaml
+++ b/cves/2020/CVE-2020-15920.yaml
@ -1,12 +1,13 @@
 id: CVE-2020-15920

 info:
-  name: Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php'
+  name: Mida eFramework <= 2.9.0 - Remote Command Execution
  author: dwisiswant0
  severity: critical
-  description: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
+  description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.
  reference:
    - https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
+    - 
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
@ -27,3 +28,5 @@ requests:
        regex:
          - "root:.*:0:0:"
        part: body
+
+# Enhanced by mp on 2022/05/16