ShaoJie Jiang - Security Researcher - Exploit Intelligence Platform

CVE-2017-15188 WRITEUP MEDIUM WRITEUP

Eyesofnetwork - XSS

A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.

CVSS 4.8

View Code

CVE-2017-15880 WRITEUP HIGH WRITEUP

Eyesofnetwork - SQL Injection

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).

CVSS 7.2

View Code

CVE-2017-15933 WRITEUP HIGH WRITEUP

Eyesofnetwork - SQL Injection

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.

CVSS 7.2

View Code

CVE-2017-16000 WRITEUP HIGH WRITEUP

Eyesofnetwork - SQL Injection

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.

CVSS 7.2

View Code