Vulnerabilities > Eyesofnetwork > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-27 CVE-2022-41570 SQL Injection vulnerability in Eyesofnetwork
An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2022-09-27 CVE-2022-41571 Unspecified vulnerability in Eyesofnetwork
An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
network
low complexity
eyesofnetwork
critical
 9.8
9.8
2022-06-30 CVE-2021-40643 Unspecified vulnerability in Eyesofnetwork
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page.
network
low complexity
eyesofnetwork
critical
 10.0
10
2021-05-24 CVE-2021-33525 OS Command Injection vulnerability in Eyesofnetwork
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
network
low complexity
eyesofnetwork CWE-78
critical
 9.0
9.0
2020-10-29 CVE-2020-27887 OS Command Injection vulnerability in Eyesofnetwork Eonweb
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8.
network
low complexity
eyesofnetwork CWE-78
critical
 9.0
9.0
2020-02-07 CVE-2020-8655 Improper Privilege Management vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
network
eyesofnetwork CWE-269
critical
 9.3
9.3
2020-02-07 CVE-2020-8654 OS Command Injection vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
network
low complexity
eyesofnetwork CWE-78
critical
 9.0
9.0
2017-07-17 CVE-2017-1000060 SQL Injection vulnerability in Eyesofnetwork 5.10
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
network
low complexity
eyesofnetwork CWE-89
critical
 10.0
10
2017-04-11 CVE-2017-6088 SQL Injection vulnerability in Eyesofnetwork
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
network
low complexity
eyesofnetwork CWE-89
critical
 9.0
9.0