CVE-2017-1000060

Name of the Vulnerable Software and Affected Versions EyesOfNetwork (EON) version 5.1

Description The issue is related to an unauthenticated SQL injection in the eonweb component, specifically affecting the logout.php file. This vulnerability is due to a lack of protection in the SQL query structure, allowing a remote attacker to bypass access control rules and gain remote root access to the server. The exploitation of this issue can occur after authentication using the session table, taking advantage of insufficient permissions in SNMPd.

Recommendations For EyesOfNetwork (EON) version 5.1, consider disabling the eonweb component or restricting access to the logout.php file as a temporary workaround until a patch is available. Additionally, review and adjust the permissions in SNMPd to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.