Vulnerability Details CVE-2021-33525
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.077
EPSS Ranking 91.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2021-33525
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:4.2-3
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:4.3-0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.0-0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.1
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.1-0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.2-0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-1
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-10
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-11
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-2
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-3
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-4
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-5
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-6
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-7
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-8
-
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-9