eyesofnetwork eyesofnetwork vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-27886
An issue exists in EyesOfNetwork eonweb 5.3-7 up to and including 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to exploit the username_available function of the includes/functions.php file (which is called by login.php).
Eyesofnetwork Eyesofnetwork
8.8
CVSSv3
CVE-2021-33525
EyesOfNetwork eonweb up to and including 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
Eyesofnetwork Eyesofnetwork
1 Github repository
8.8
CVSSv3
CVE-2020-27887
An issue exists in EyesOfNetwork 5.3 up to and including 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
Eyesofnetwork Eyesofnetwork
6.1
CVSSv3
CVE-2020-24390
eonweb in EyesOfNetwork prior to 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2020-9465
An issue exists in EyesOfNetwork eonweb 5.1 up to and including 5.3 prior to 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to perform various tasks such as authentication bypass via the user_id field in a cookie.
Eyesofnetwork Eyesofnetwork
1 Github repository
7.2
CVSSv3
CVE-2017-6088
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or th...
Eyesofnetwork Eyesofnetwork
1 EDB exploit
9.8
CVSSv3
CVE-2021-40643
EyesOfNetwork prior to 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it is possible to execute any com...
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2022-41570
An issue exists in EyesOfNetwork (EON) up to and including 5.3.11. Unauthenticated SQL injection can occur.
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2022-41571
An issue exists in EyesOfNetwork (EON) up to and including 5.3.11. Local file inclusion can occur.
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2020-8657
An issue exists in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing a malicious user to calculate/guess the admin access token.
Eyesofnetwork Eyesofnetwork 5.3-0
1 EDB exploit