Web application abuses : Eyes Of Network (EON) SQL Injection Vulnerability (Active Check)

Vulnerability Search		Search 219043 CVE descriptions and 99761 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.143506

Category: Web application abuses

Title: Eyes Of Network (EON) SQL Injection Vulnerability (Active Check)

Summary: Eyes Of Network (EON) is prone to an SQL injection vulnerability over the API.

Description: Summary:
Eyes Of Network (EON) is prone to an SQL injection vulnerability over the API.

Vulnerability Insight:
Eyes Of Network (EON) is prone to an SQL injection vulnerability allowing an
unauthenticated attacker to perform various tasks such as authentication bypass.

Affected Software/OS:
Eyes Of Network API version 2.4.2 and probably prior.

Solution:
See the referenced vendor advisories for a solution.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-8656
http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
https://github.com/EyesOfNetworkCommunity/eonapi/issues/16

Copyright Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.143506
Category:	Web application abuses
Title:	Eyes Of Network (EON) SQL Injection Vulnerability (Active Check)
Summary:	Eyes Of Network (EON) is prone to an SQL injection vulnerability over the API.
Description:	Summary: Eyes Of Network (EON) is prone to an SQL injection vulnerability over the API. Vulnerability Insight: Eyes Of Network (EON) is prone to an SQL injection vulnerability allowing an unauthenticated attacker to perform various tasks such as authentication bypass. Affected Software/OS: Eyes Of Network API version 2.4.2 and probably prior. Solution: See the referenced vendor advisories for a solution. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8656 http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html https://github.com/EyesOfNetworkCommunity/eonapi/issues/16
Copyright	Copyright (C) 2020 Greenbone Networks GmbH