PT-2017-13447 · Eyesofnetwork · Eyesofnetwork

Published

2017-09-13

Updated

2021-02-23

CVE-2017-14404

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions EyesOfNetwork web interface (aka eonweb) versions 5.1-0

Description The issue allows for local file inclusion via the tool list parameter (also referred to as the url tool variable) to the "module/tool all/select tool.php" endpoint. This can be exploited, for example, by using a tool list value such as php://filter/.

Recommendations For EyesOfNetwork web interface (aka eonweb) versions 5.1-0, consider restricting access to the module/tool all/select tool.php endpoint to minimize the risk of exploitation. Avoid using the tool list parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-14404

Affected Products

Eyesofnetwork

PT-2017-13447 · Eyesofnetwork · Eyesofnetwork

CVE-2017-14404

Weakness Enumeration

Related Identifiers

Affected Products

References · 4