CVE-2020-9465

Name of the Vulnerable Software and Affected Versions EyesOfNetwork eonweb versions 5.1 through 5.3 before 5.3-3

Description An issue was discovered in the eonweb web interface, which is prone to a SQL injection. This allows an unauthenticated attacker to perform various tasks, such as authentication bypass via the user id field in a cookie.

Recommendations For EyesOfNetwork eonweb versions 5.1 through 5.3 before 5.3-3, update to version 5.3-3 or later to resolve the issue. As a temporary workaround, consider restricting access to the eonweb web interface to minimize the risk of exploitation. Avoid using the user id field in cookies until the issue is resolved.