CyberSec.Space Logo
Back to CVE Browser

CVE-2020-27886

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile12.52th
PublishedOct 29, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).

Affected Platforms (CPE)

πŸ“¦
Eyesofnetwork

Eyesofnetwork

>= 5.3-7 and <= 5.3-8

References & Advisories

πŸ”— http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
πŸ”— https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
πŸ”— https://www.eyesofnetwork.com/en
πŸ”— http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
πŸ”— https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
πŸ”— https://www.eyesofnetwork.com/en

Related Vulnerabilities

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-86579.8

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_funct...

CVE-2020-86569.8

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated a...

CVE-2021-275149.8

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authe...