Eyesofnetwork: >> Eyesofnetwork >> 5.1-0 Security Vulnerabilities
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.
CVSS Score
7.2
EPSS Score
0.069
Published
2017-09-13
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
CVSS Score
8.8
EPSS Score
0.031
Published
2017-09-03
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
CVSS Score
8.8
EPSS Score
0.031
Published
2017-09-03
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-08-30
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
CVSS Score
9.8
EPSS Score
0.066
Published
2017-07-17
Page 3