CVE-2017-6088

Name of the Vulnerable Software and Affected Versions EyesOfNetwork versions 5.0 and earlier

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via several parameters to specific API endpoints, including bp name, display, search, or equipment to "module/monitoring ged/ged functions.php" or the type parameter to "monitoring ged/ajax.php".

Recommendations For EyesOfNetwork versions 5.0 and earlier, update to a version later than 5.0 to resolve the issue. As a temporary workaround, consider restricting access to the "module/monitoring ged/ged functions.php" and "monitoring ged/ajax.php" endpoints until a patch is available. Avoid using the bp name, display, search, equipment, and type parameters in the affected API endpoints until the issue is resolved.