An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can...
9.8CVSS
9.4AI Score
0.002EPSS
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can...
9.8CVSS
9.8AI Score
0.001EPSS
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we...
9.8CVSS
9.7AI Score
0.013EPSS
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored...
5.4CVSS
5.1AI Score
0.001EPSS
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the...
8.8CVSS
8.8AI Score
0.003EPSS
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre...
8.8CVSS
8.7AI Score
0.003EPSS
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513...
9.8CVSS
8.9AI Score
0.004EPSS
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by...
9.8CVSS
8.1AI Score
0.002EPSS
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to...
8.8CVSS
7.6AI Score
0.002EPSS