PT-2017-13096 · Eyesofnetwork · Eyesofnetwork

Hi-Kk · Published 2017-08-30 · Updated 2021-02-23 · CVE-2017-13780

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
EyesOfNetwork web interface (aka eonweb) versions 5.1-0

Description
The issue allows directory traversal attacks, enabling the reading of arbitrary files. This is achieved via the file parameter in the module/admin conf/download.php API endpoint.

Recommendations
For EyesOfNetwork web interface (aka eonweb) versions 5.1-0, consider restricting access to the module/admin conf/download.php API endpoint until a patch is available. As a temporary workaround, avoid using the file parameter in this endpoint to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-13780

Affected Products

Eyesofnetwork