Skip to main content

Eyesofnetwork

36 CVEs product

Monthly

CVE-2022-41572 CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-41571 CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41570 CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-24612 MEDIUM POC This Month

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyesofnetwork
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33525 HIGH POC This Week

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
7.7%
CVE-2021-27514 CRITICAL POC PATCH Act Now

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-27513 HIGH POC PATCH THREAT This Week

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
28.4%
CVE-2020-27887 HIGH PATCH This Week

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection PHP Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-27886 CRITICAL PATCH Act Now

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-24390 MEDIUM PATCH This Month

eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Eyesofnetwork
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-9465 CRITICAL POC THREAT Emergency

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
82.2%
CVE-2020-8656 CRITICAL POC THREAT Emergency

An issue was discovered in EyesOfNetwork 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
84.6%
CVE-2020-8655 HIGH POC KEV THREAT Act Now

An issue was discovered in EyesOfNetwork 5.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Privilege Escalation Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
58.1%
CVE-2020-8654 HIGH POC THREAT Act Now

An issue was discovered in EyesOfNetwork 5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
85.6%
CVE-2020-8657 CRITICAL POC KEV THREAT Emergency

An issue was discovered in EyesOfNetwork 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
91.9%
CVE-2019-14923 HIGH POC This Week

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eyesofnetwork
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.3%
CVE-2017-16000 HIGH POC This Week

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-15933 HIGH POC This Week

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.2
EPSS
0.6%
CVE-2017-15880 HIGH POC This Week

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-15188 MEDIUM POC This Month

A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-14985 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-14984 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-14983 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-14753 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14405 HIGH POC This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
CVSS 3.0
7.2
EPSS
6.9%
CVE-2017-14404 HIGH POC This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Eyesofnetwork
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14403 CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14402 CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14401 CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14252 CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14247 CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14119 HIGH POC This Week

In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2017-14118 HIGH POC This Week

In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2017-13780 HIGH This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000060 CRITICAL POC Act Now

EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eyesofnetwork
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2017-6088 HIGH POC This Week

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.9%
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Eyesofnetwork
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eyesofnetwork
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Eyesofnetwork
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyesofnetwork
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC This Week

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Eyesofnetwork
NVD GitHub
EPSS 28% CVSS 8.8
HIGH POC PATCH THREAT This Week

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Eyesofnetwork
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection PHP Eyesofnetwork
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Eyesofnetwork
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Eyesofnetwork
NVD GitHub
EPSS 82% CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Eyesofnetwork
NVD GitHub
EPSS 85% CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered in EyesOfNetwork 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP +1
NVD GitHub Exploit-DB
EPSS 58% CVSS 7.8
HIGH POC KEV THREAT Act Now

An issue was discovered in EyesOfNetwork 5.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Privilege Escalation Eyesofnetwork
NVD GitHub Exploit-DB
EPSS 86% CVSS 8.8
HIGH POC THREAT Act Now

An issue was discovered in EyesOfNetwork 5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Eyesofnetwork
NVD GitHub Exploit-DB
EPSS 92% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

An issue was discovered in EyesOfNetwork 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Eyesofnetwork
NVD GitHub Exploit-DB
EPSS 4% CVSS 8.8
HIGH POC This Week

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eyesofnetwork
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH POC This Week

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
EPSS 7% CVSS 7.2
HIGH POC This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Eyesofnetwork
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Eyesofnetwork
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eyesofnetwork
NVD
EPSS 7% CVSS 7.2
HIGH POC This Week

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy