CVE-2019-14923

HIGH

EyesOfNetwork 5.1 - Remote Command Execution via Tool All Host Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14923. PoCs published by Nassim Asrir.

AI-analyzed exploit summary This exploit leverages an authenticated command injection vulnerability in EyesOfNetwork 5.1 by injecting shell metacharacters into the 'host_list' parameter, which is passed to a 'popen' function call in 'snmpwalk.php'. It requires valid credentials and sends a crafted POST request to execute arbitrary commands.

Description

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nassim Asrir · pythonwebappsphp

https://www.exploit-db.com/exploits/47280

View Code ZIP pw:eip

This exploit leverages an authenticated command injection vulnerability in EyesOfNetwork 5.1 by injecting shell metacharacters into the 'host_list' parameter, which is passed to a 'popen' function call in 'snmpwalk.php'. It requires valid credentials and sends a crafted POST request to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EyesOfNetwork 5.1

Auth required

Prerequisites: Valid credentials for EyesOfNetwork · Network access to the target application

MITRE ATT&CK

T1202 - Indirect Command Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://www.eyesofnetwork.com/?p=2072

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/47280

Scores

CVSS v3 8.8

EPSS 0.0427

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

eyesofnetwork/eyesofnetwork 5.1-0

Published Aug 16, 2019

Tracked Since Feb 18, 2026