Shodan
Vulnerabilities
Vulnerable Software
Eyesofnetwork:  >> Eyesofnetwork  >> 5.1-0  Security Vulnerabilities
CVE-2017-15880
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVSS Score
7.2
EPSS Score
0.004
Published
2017-10-24
CVE-2017-15188
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-10-11
CVE-2017-14983
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-10-03
CVE-2017-14984
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-03
CVE-2017-14985
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-03
CVE-2017-14753
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-09-27
CVE-2017-14401
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-13
CVE-2017-14402
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-13
CVE-2017-14403
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-13
CVE-2017-14404
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved