CVE-2020-27886

CRITICAL

eyesofnetwork 5.3-7-5.3-8 - Unauthenticated SQL Injection via username_available Function

Title source: llm
STIX 2.1

Description

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).

References (3)

Core 3
Core References
Product x_refsource_misc
https://www.eyesofnetwork.com/en
Patch, Product, Vendor Advisory x_refsource_misc
http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
Third Party Advisory x_refsource_misc
https://github.com/EyesOfNetworkCommunity/eonweb/issues/76

Scores

CVSS v3 9.8
EPSS 0.0168
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
eyesofnetwork/eyesofnetwork 5.3-7 - 5.3-8
Published Oct 29, 2020
Tracked Since Feb 18, 2026