CVE-2017-15933

Опубликовано: 27 окт. 2017

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.

Ссылки

http://www.securityfocus.com/bid/101615
Third Party Advisory
VDB Entry
https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_device_index.php-SQL%20injection%20vulnerability
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/101615
Third Party Advisory
VDB Entry
https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_device_index.php-SQL%20injection%20vulnerability
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.1-0:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00614

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5qmh-6p7q-jw57