CVE-2017-14404

Name of the Vulnerable Software and Affected Versions EyesOfNetwork web interface (aka eonweb) versions 5.1-0

Description The issue allows for local file inclusion via the tool list parameter (also referred to as the url tool variable) to the "module/tool all/select tool.php" endpoint. This can be exploited, for example, by using a tool list value such as php://filter/.

Recommendations For EyesOfNetwork web interface (aka eonweb) versions 5.1-0, consider restricting access to the module/tool all/select tool.php endpoint to minimize the risk of exploitation. Avoid using the tool list parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.