CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8656

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile37.92th
PublishedFeb 7, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

Affected Platforms (CPE)

πŸ“¦
Eyesofnetwork

Eyesofnetwork

= 5.3-0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
πŸ”— https://github.com/EyesOfNetworkCommunity/eonapi/issues/16
πŸ”— http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
πŸ”— https://github.com/EyesOfNetworkCommunity/eonapi/issues/16

Related Vulnerabilities

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-278869.8

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin...

CVE-2020-86579.8

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_funct...

CVE-2021-275149.8

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authe...