An issue exists in EyesOfNetwork 5.3 up to and including 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eyesofnetwork eyesofnetwork |