CVE-2020-27886

Sažetak

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).

Reference

https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
https://www.eyesofnetwork.com/en
http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-02-2021 - 15:06

Objavljeno

29-10-2020 - 19:15