CVE-2017-6088

HIGH

EyesOfNetwork < 5.0 - Authenticated SQL Injection via bp_name, display, search, equipment, or type Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6088. PoCs published by Sysdream.

AI-analyzed exploit summary The exploit demonstrates multiple SQL injection vulnerabilities in EyesOfNetwork (EON) 5.0, allowing authenticated users to execute arbitrary SQL queries via parameters like `bp_name`, `display`, `type`, `search`, and `equipment`. The PoC includes HTTP requests that exploit these vulnerabilities to dump database contents.

Description

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.

Exploits (1)

exploitdb WORKING POC

by Sysdream · webappsphp

https://www.exploit-db.com/exploits/41747

View Code ZIP pw:eip

The exploit demonstrates multiple SQL injection vulnerabilities in EyesOfNetwork (EON) 5.0, allowing authenticated users to execute arbitrary SQL queries via parameters like `bp_name`, `display`, `type`, `search`, and `equipment`. The PoC includes HTTP requests that exploit these vulnerabilities to dump database contents.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: EyesOfNetwork (EON) 5.0

Auth required

Prerequisites: Authenticated access to the EON web interface

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41747/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2017/03/23/4

Exploit, Third Party Advisory x_refsource_misc

https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97084

Scores

CVSS v3 7.2

EPSS 0.0583

EPSS Percentile 92.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

eyesofnetwork/eyesofnetwork < 5.0

Published Apr 11, 2017

Tracked Since Feb 18, 2026