Описание
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
Ссылки
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.1 (включая) до 5.3-3 (исключая)
cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.78909
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
EPSS
Процентиль: 99%
0.78909
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89