CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-8656

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile37.92th
Published2020年2月7日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

Affected Platforms (CPE)

📦
Eyesofnetwork

Eyesofnetwork

= 5.3-0

References & Advisories

🔗 http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
🔗 http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
🔗 https://github.com/EyesOfNetworkCommunity/eonapi/issues/16
🔗 http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
🔗 http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
🔗 https://github.com/EyesOfNetworkCommunity/eonapi/issues/16

相關漏洞威脅

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-278869.8

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin...

CVE-2020-86579.8

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_funct...

CVE-2021-275149.8

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authe...