CVE-2020-8656

CRITICAL EXPLOITED NUCLEI

EyesOfNetwork <5.3 - SQL Injection

Title source: llm

Description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

Exploits (3)

exploitdb WORKING POC

rubyremotemultiple

https://www.exploit-db.com/exploits/48169

View on exploitdb

exploitdb WORKING POC

by Clément Billac · textwebappsphp

https://www.exploit-db.com/exploits/48025

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/h4knet/eonrce

View Code ZIP pw:eip

Nuclei Templates (1)

EyesOfNetwork - Hardcoded API Key & SQL Injection

CRITICALVERIFIEDby ritikchaddha

FOFA: title="EyesOfNetwork"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html

[Third Party Advisory] https://github.com/EyesOfNetworkCommunity/eonapi/issues/16

Scores

CVSS v3 9.8

EPSS 0.8337

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-10-24

Classification

CWE

CWE-89

Status published

Affected Products (1)

eyesofnetwork/eyesofnetwork

Timeline

Published Feb 07, 2020

Tracked Since Feb 18, 2026