PT-2020-16825 · Eyesofnetwork · Eyesofnetwork Eonweb

H4Knet · Published 2020-10-29 · Updated 2021-02-23 · CVE-2020-27886

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EyesOfNetwork eonweb versions 5.3-7 through 5.3-8

Description

The issue is a SQL injection in the eonweb web interface. It allows an unauthenticated attacker to exploit the username_available function of the includes/functions.php file, which is called by login.php.

Recommendations

For EyesOfNetwork eonweb versions 5.3-7 through 5.3-8, consider disabling the username_available function in the includes/functions.php file as a temporary workaround until a patch is available. Restrict access to the login.php file to minimize the risk of exploitation.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2020-27886

Affected Products

Eyesofnetwork Eonweb