CVE-2020-9465

Critical

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection,…

mitre·CWE-89·Published 2020-02-28

CVSS

9.8

EPSS

0.82

KEV

Exploits

cve.orgen

258 chars

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.

NVDen

258 chars

NVDes

294 chars

Se detectó un problema en EyesOfNetwork eonweb versiones 5.1 hasta 5.3 anteriores a 5.3-3. La interfaz web de eonweb es propensa a una inyección SQL, permitiendo a un atacante no autenticado realizar varias tareas, tales como omitir la autenticación por medio de el campo user_id en una cookie.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H