
Shaojie Jiang

Researcher from 360 SkyEye Labs
#18638 of 53,638
14.4 Total CVSS
Vulnerabilities · 2
High
2
PT-2017-14353
7.2
2017-10-29
Eyesofnetwork · Eyesofnetwork · CVE-2017-16000
**Name of the Vulnerable Software and Affected Versions**
EyesOfNetwork version 5.1-0

**Description**
The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved by exploiting the `graph` parameter in the `/module/capacity per label/index.php` API endpoint.

**Recommendations**
For version 5.1-0, consider restricting access to the `/module/capacity per label/index.php` endpoint until a patch is available, and avoid using the `graph` parameter in this endpoint to minimize the risk of exploitation.
PT-2017-14292
7.2
2017-10-27
Eyesofnetwork · Eyesofnetwork · CVE-2017-15933
**Name of the Vulnerable Software and Affected Versions**
EyesOfNetwork version 5.1-0

**Description**
The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved by exploiting the `host` parameter in the `module/capacity per device/index.php` API endpoint.

**Recommendations**
For version 5.1-0, consider restricting access to the `module/capacity per device/index.php` endpoint until a patch is available. As a temporary workaround, avoid using the `host` parameter in this endpoint to minimize the risk of exploitation.