Vulnerabilities > Eyesofnetwork > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-22 CVE-2021-27514 Improper Restriction of Excessive Authentication Attempts vulnerability in Eyesofnetwork 5.310
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
network
low complexity
eyesofnetwork CWE-307
7.5
7.5
2020-10-29 CVE-2020-27886 SQL Injection vulnerability in Eyesofnetwork Eonweb 5.37/5.38
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2020-02-28 CVE-2020-9465 SQL Injection vulnerability in Eyesofnetwork Eonweb
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2020-02-07 CVE-2020-8656 SQL Injection vulnerability in Eyesofnetwork 5.30
An issue was discovered in EyesOfNetwork 5.3.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2017-09-13 CVE-2017-14403 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2017-09-13 CVE-2017-14402 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2017-09-13 CVE-2017-14401 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2017-09-11 CVE-2017-14252 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5
2017-09-11 CVE-2017-14247 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
network
low complexity
eyesofnetwork CWE-89
7.5
7.5