ShaoJie Jiang

5 exploits Active since Oct 2017
CVE-2017-15880 WRITEUP HIGH WRITEUP
EyesOfNetwork 5.1-0 - Authenticated SQL Injection via group_name Parameter
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVSS 7.2
CVE-2017-15188 WRITEUP MEDIUM WRITEUP
EyesOfNetwork 5.1-0 - Authenticated Stored Cross-Site Scripting via Hosts Array Parameter
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.
CVSS 4.8
CVE-2017-15880 WRITEUP HIGH WRITEUP
EyesOfNetwork 5.1-0 - Authenticated SQL Injection via group_name Parameter
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVSS 7.2
CVE-2017-15933 WRITEUP HIGH WRITEUP
EyesOfNetwork 5.1-0 - Authenticated SQL Injection via Host Parameter
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
CVSS 7.2
CVE-2017-16000 WRITEUP HIGH WRITEUP
EyesOfNetwork 5.1-0 - Authenticated SQL Injection via Graph Parameter
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
CVSS 7.2