Vulnerability Details CVE-2017-15880
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php%20SQLi
- https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php-update_group-SQL%20injection%20vulnerability
- https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php%20SQLi
- https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_group_add_modify_group.php-update_group-SQL%20injection%20vulnerability
Products affected by CVE-2017-15880
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.1-0