Eyesofnetwork: >> Eyesofnetwork Security Vulnerabilities
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-08-27
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
CVSS Score
9.8
EPSS Score
0.786
Published
2020-02-28
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.
CVSS Score
8.8
EPSS Score
0.899
Published
2020-02-07
CVE-2020-8655
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
Known exploited
CVSS Score
7.8
EPSS Score
0.841
Published
2020-02-07
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
CVSS Score
9.8
EPSS Score
0.827
Published
2020-02-07
CVE-2020-8657
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
Known exploited
CVSS Score
9.8
EPSS Score
0.861
Published
2020-02-06
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
CVSS Score
8.8
EPSS Score
0.132
Published
2019-08-16
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
CVSS Score
7.2
EPSS Score
0.004
Published
2017-10-29
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
CVSS Score
7.2
EPSS Score
0.006
Published
2017-10-27
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVSS Score
7.2
EPSS Score
0.004
Published
2017-10-24