PT-2020-20252 · Eyesofnetwork · Eyesofnetwork

H4Knet

Published

2020-02-06

Updated

2021-12-30

CVE-2020-8654

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EyesOfNetwork version 5.3

Description An issue allows an authenticated web user with sufficient privileges to abuse the AutoDiscovery module and run arbitrary OS commands via the "module/module frame/index.php autodiscovery.php" target field.

Recommendations For EyesOfNetwork version 5.3, consider restricting access to the AutoDiscovery module until a patch is available. As a temporary workaround, avoid using the AutoDiscovery module to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-8654

Affected Products

Eyesofnetwork

PT-2020-20252 · Eyesofnetwork · Eyesofnetwork

CVE-2020-8654

Weakness Enumeration

Related Identifiers

Affected Products

References · 8