CVE-2020-8656

{"id": "CVE-2020-8656", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-07T00:15:09.723", "references": [{"url": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/16", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/16", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php."}, {"lang": "es", "value": "Se detect\u00f3 un problema en EyesOfNetwork versi\u00f3n 5.3. La API de EyesOfNetwork versi\u00f3n 2.4.2 es propensa a una inyecci\u00f3n SQL, permitiendo a un atacante no autenticado realizar varias tareas, tales como la omisi\u00f3n de autenticaci\u00f3n por medio del campo username para getApiKey en el archivo include/api_functions.php."}], "lastModified": "2024-11-21T05:39:12.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569CE2B4-B9FF-44FB-8550-FED2DBCFA749"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}