Vulnerability Details CVE-2020-27886
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
- https://www.eyesofnetwork.com/en
- http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
- https://www.eyesofnetwork.com/en
Products affected by CVE-2020-27886
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-7
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-8