CVE-2020-8656

Critical

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker…

mitre·CWE-89·Published 2020-02-06

CVSS

9.8

EPSS

0.85

KEV

Exploits

cve.orgen

258 chars

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

NVDen

258 chars

NVDes

312 chars

Se detectó un problema en EyesOfNetwork versión 5.3. La API de EyesOfNetwork versión 2.4.2 es propensa a una inyección SQL, permitiendo a un atacante no autenticado realizar varias tareas, tales como la omisión de autenticación por medio del campo username para getApiKey en el archivo include/api_functions.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H