Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27886 | 1 Eyesofnetwork | 1 Eonweb | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). | |||||
CVE-2020-27887 | 1 Eyesofnetwork | 1 Eonweb | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. | |||||
CVE-2020-9465 | 1 Eyesofnetwork | 1 Eonweb | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. |