An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/EyesOfNetworkCommunity/eonapi/issues/16 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-06T23:47:30
Updated: 2020-03-03T15:06:02
Reserved: 2020-02-06T00:00:00
Link: CVE-2020-8656
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-07T00:15:09.723
Modified: 2022-01-01T19:57:15.157
Link: CVE-2020-8656
JSON object: View
Redhat Information
No data.
CWE