CyberSec.Space Logo
Back to CVE Browser

CVE-2021-40643

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile11.99th
PublishedJun 30, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").

Affected Platforms (CPE)

πŸ“¦
Eyesofnetwork

Eyesofnetwork

< 2021-07-07

References & Advisories

πŸ”— https://eyesofnetwork.com
πŸ”— https://www.eyesofnetwork.com/en/news/vulnerabilite-cacti
πŸ”— https://eyesofnetwork.com
πŸ”— https://www.eyesofnetwork.com/en/news/vulnerabilite-cacti

Related Vulnerabilities

CVE-2017-142529.8

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.

CVE-2017-10000609.8

EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root

CVE-2017-142479.8

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue t...

CVE-2017-144039.8

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.