What is CVE-2020-15920?

CVE-2020-15920 is a vulnerability in N/a. Published 2020-07-24.

Is CVE-2020-15920 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-15920

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/Goby
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
HimmelAward/Goby_
Live-Hack-CVE/CVE-2020-15920
NyxAzrael/Goby_
Z0fhack/Goby_

References

elbae.github.io/jekyll/update/2020/07/14/vulns-01.html (x_refsource_MISC)
packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Executio… (x_refsource_MISC)
packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Comm… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15920?: CVE-2020-15920 is a vulnerability in N/a. Published 2020-07-24.
Is CVE-2020-15920 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.