Vulnerabilities > Eyesofnetwork > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-27 CVE-2022-41570 SQL Injection vulnerability in Eyesofnetwork
An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2022-09-27 CVE-2022-41571 Unspecified vulnerability in Eyesofnetwork
An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
network
low complexity
eyesofnetwork
critical
 9.8
9.8
2022-06-30 CVE-2021-40643 Unspecified vulnerability in Eyesofnetwork
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page.
network
low complexity
eyesofnetwork
critical
 9.8
9.8
2021-02-22 CVE-2021-27514 Improper Restriction of Excessive Authentication Attempts vulnerability in Eyesofnetwork 5.310
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
network
low complexity
eyesofnetwork CWE-307
critical
 9.8
9.8
2020-10-29 CVE-2020-27886 SQL Injection vulnerability in Eyesofnetwork 5.37/5.38
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2020-02-28 CVE-2020-9465 SQL Injection vulnerability in Eyesofnetwork
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2020-02-07 CVE-2020-8656 SQL Injection vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2020-02-06 CVE-2020-8657 Use of Hard-coded Credentials vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
network
low complexity
eyesofnetwork CWE-798
critical
 9.8
9.8
2017-09-13 CVE-2017-14403 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-13 CVE-2017-14402 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8