Vulnerabilities > Eyesofnetwork > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2021-33525 OS Command Injection vulnerability in Eyesofnetwork
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
network
low complexity
eyesofnetwork CWE-78
8.8
8.8
2021-02-22 CVE-2021-27513 Unrestricted Upload of File with Dangerous Type vulnerability in Eyesofnetwork 5.310
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
network
low complexity
eyesofnetwork CWE-434
8.8
8.8
2020-10-29 CVE-2020-27887 OS Command Injection vulnerability in Eyesofnetwork
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8.
network
low complexity
eyesofnetwork CWE-78
8.8
8.8
2020-02-07 CVE-2020-8655 Improper Privilege Management vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
local
low complexity
eyesofnetwork CWE-269
7.8
7.8
2020-02-07 CVE-2020-8654 OS Command Injection vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
network
low complexity
eyesofnetwork CWE-78
8.8
8.8
2019-08-16 CVE-2019-14923 OS Command Injection vulnerability in Eyesofnetwork 5.10
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
network
low complexity
eyesofnetwork CWE-78
8.8
8.8
2017-10-29 CVE-2017-16000 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
network
low complexity
eyesofnetwork CWE-89
7.2
7.2
2017-10-27 CVE-2017-15933 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
network
low complexity
eyesofnetwork CWE-89
7.2
7.2
2017-10-24 CVE-2017-15880 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
network
low complexity
eyesofnetwork CWE-89
7.2
7.2
2017-09-13 CVE-2017-14405 OS Command Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.
network
low complexity
eyesofnetwork CWE-78
7.2
7.2