CVE-2020-27887

Sažetak

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.

Reference

https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
https://www.eyesofnetwork.com/en
http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

23-02-2021 - 15:07

Objavljeno

29-10-2020 - 19:15