Vulnerabilities
Vulnerable Software
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-07
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-27
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-27
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").
CVSS Score
9.8
EPSS Score
0.032
Published
2022-06-30
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
CVSS Score
8.8
EPSS Score
0.077
Published
2021-05-24
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-08-27
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
CVSS Score
9.8
EPSS Score
0.786
Published
2020-02-28
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
CVSS Score
8.8
EPSS Score
0.132
Published
2019-08-16
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
CVSS Score
7.2
EPSS Score
0.004
Published
2017-10-29
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
CVSS Score
7.2
EPSS Score
0.006
Published
2017-10-27


Contact Us

Shodan ® - All rights reserved