Vulnerability Details CVE-2020-27887
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
- https://www.eyesofnetwork.com/en
- http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
- https://www.eyesofnetwork.com/en
Products affected by CVE-2020-27887
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-1
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-2
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-3
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-4
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-5
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-6
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-7
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-8