Vulnerabilities > Eyesofnetwork > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-09-13 CVE-2017-14401 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-11 CVE-2017-14252 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-09-11 CVE-2017-14247 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8
2017-07-17 CVE-2017-1000060 SQL Injection vulnerability in Eyesofnetwork 5.10
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
network
low complexity
eyesofnetwork CWE-89
critical
 9.8
9.8