Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2020-9465

Published: 28/02/2020 Updated: 23/02/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Eyesofnetwork

Vulnerability Summary

An issue exists in EyesOfNetwork eonweb 5.1 up to and including 5.3 prior to 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to perform various tasks such as authentication bypass via the user_id field in a cookie.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

eyesofnetwork eyesofnetwork

Github Repositories

https://github.com/h4knet/eonrce

EyesOfNetwork 5.1 to 5.3 exploits

eonrce EyesOfNetwork 51 to 53 exploits Theses two exploit files uses the following CVE's: CVE_number__ Description CVE-2020-8654 Discovery module to allows to run arbitrary OS commandsWe were able to run the id command with the following payload in the target field : ;id # CVE-2020-8655 LPE via nmap NSE scriptAs the apache user is allowed to run nmap as root, w

References

CWE-89https://github.com/EyesOfNetworkCommunity/eonweb/issues/51https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-3https://nvd.nist.govhttps://github.com/h4knet/eonrce
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook