CVSSv3: 8.8

CVE-2021-27513

Published: 22/02/2021 Updated: 26/02/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."

Vulnerable Product

eyesofnetwork eyesofnetwork 5.3-10

Vendor Advisories

Check Point Reference: CPAI-2021-2120 | Date Published: 28 Feb 2024 | Severity: High ...

Github Repositories

ITSM_Broken_control

CVE-2021-27513 ITSM_Broken_control
# Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution
# Date: 10/01/2021
# Exploit Author: ArianeBlow
# Vendor Homepage: www.eyesofnetwork.com/en
# Software Link: download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
# Version: 5.3-10

exploit-eyesofnetwork

Version 5.3.5 up to 5.3.10 CVE-2021-27513 / CVE-2021-27514 #The brute-forcing can take a very long time on a non-production environment because "session_id" is created at every login (but every session_id generated by the app is valid) #for the PoC I deployed an EyesOfNetwork solution and I've simulated a daily use with 300 logins (on product