eyesofnetwork 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、vendor risk cross-site scripting, and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact data exposure、vendor impact session compromise, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-41572 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. | [email protected] | 9.8 | 0.33% | 2025-01-07 | 2025-06-13 |
| CVE-2022-41434 | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. | [email protected] | 6.1 | 0.23% | 2022-11-08 | 2025-05-01 |
| CVE-2022-41433 | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. | [email protected] | 4.8 | 0.26% | 2022-11-08 | 2025-05-01 |
| CVE-2022-41432 | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. | [email protected] | 4.8 | 0.26% | 2022-11-08 | 2025-05-01 |
| CVE-2022-41571 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | [email protected] | 9.8 | 0.76% | 2022-09-27 | 2025-05-21 |
| CVE-2022-41570 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | [email protected] | 9.8 | 0.32% | 2022-09-27 | 2025-05-21 |
| CVE-2021-40643 | EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail"). | [email protected] | 9.8 | 3.22% | 2022-06-30 | 2024-11-21 |
| CVE-2022-24612 | An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | [email protected] | 5.4 | 0.25% | 2022-02-25 | 2024-11-21 |
| CVE-2021-33525 | EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell. | [email protected] | 8.8 | 6.73% | 2021-05-24 | 2024-11-21 |
| CVE-2021-27514 | EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | [email protected] | 9.8 | 13.67% | 2021-02-22 | 2024-11-21 |
| CVE-2021-27513 | The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside." | [email protected] | 8.8 | 44.41% | 2021-02-22 | 2024-11-21 |
| CVE-2020-27887 | An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. | [email protected] | 8.8 | 0.96% | 2020-10-29 | 2024-11-21 |
| CVE-2020-27886 | An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). | [email protected] | 9.8 | 2.09% | 2020-10-29 | 2024-11-21 |
| CVE-2020-24390 | eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | [email protected] | 6.1 | 0.39% | 2020-08-27 | 2024-11-21 |
| CVE-2020-9465 | An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | [email protected] | 9.8 | 84.89% | 2020-02-28 | 2024-11-21 |
| CVE-2020-8656 | An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. | [email protected] | 9.8 | 81.82% | 2020-02-07 | 2024-11-21 |
| CVE-2020-8655 KEV | An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. | [email protected] | 7.8 | 87.87% | 2020-02-07 | 2025-11-10 |
| CVE-2020-8654 | An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. | [email protected] | 8.8 | 91.91% | 2020-02-07 | 2024-11-21 |
| CVE-2020-8657 KEV | An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | [email protected] | 9.8 | 88.86% | 2020-02-06 | 2025-11-10 |
| CVE-2019-14923 | EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | [email protected] | 8.8 | 12.60% | 2019-08-16 | 2024-11-21 |