Vulnerabilities > Eyesofnetwork > Eyesofnetwork > 5.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-27 | CVE-2022-41570 | SQL Injection vulnerability in Eyesofnetwork An issue was discovered in EyesOfNetwork (EON) through 5.3.11. | 9.8 |
| 2022-09-27 | CVE-2022-41571 | Unspecified vulnerability in Eyesofnetwork An issue was discovered in EyesOfNetwork (EON) through 5.3.11. | 9.8 |
| 2021-05-24 | CVE-2021-33525 | OS Command Injection vulnerability in Eyesofnetwork EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell. | 9.0 |
| 2019-08-16 | CVE-2019-14923 | OS Command Injection vulnerability in Eyesofnetwork 5.10 EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | 6.5 |
| 2017-10-29 | CVE-2017-16000 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | 6.5 |
| 2017-10-27 | CVE-2017-15933 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | 6.5 |
| 2017-10-24 | CVE-2017-15880 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | 6.5 |
| 2017-10-11 | CVE-2017-15188 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | 3.5 |
| 2017-10-03 | CVE-2017-14985 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | 3.5 |
| 2017-10-03 | CVE-2017-14984 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. | 3.5 |