CVE-2020-8656

CRITICAL EXPLOITED NUCLEI

EyesOfNetwork 5.3 - Unauthenticated SQL Injection via Username Field in getApiKey

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-8656 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Clément Billac. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a multi-stage attack against EyesOfNetwork 5.3, combining SQL injection (CVE-2020-8656) for authentication bypass, user creation via API, and remote code execution (CVE-2020-8654) through command injection in the discovery module. It also includes a privilege escalation (CVE-2020-8655) via a crafted NSE script executed by nmap.

Description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

Exploits (3)

exploitdb WORKING POC
by Clément Billac · textwebappsphp
https://www.exploit-db.com/exploits/48025

This exploit demonstrates a multi-stage attack against EyesOfNetwork 5.3, combining SQL injection (CVE-2020-8656) for authentication bypass, user creation via API, and remote code execution (CVE-2020-8654) through command injection in the discovery module. It also includes a privilege escalation (CVE-2020-8655) via a crafted NSE script executed by nmap.

Classification
Working Poc 95%
Attack Type
Rce | Lpe | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork 5.3 (API v2.4.2)
No auth needed
Prerequisites: Network access to the EyesOfNetwork server · Python 3 environment · Target running unpatched EyesOfNetwork 5.3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
remote
https://github.com/h4knet/eonrce

This repository contains functional exploit code for CVE-2020-8656, which involves SQL injection in the EyesOfNetwork API's getApiKey function. The exploit chains multiple CVEs (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656) to achieve remote code execution (RCE) and local privilege escalation (LPE) on EyesOfNetwork versions 5.1 to 5.3.

Classification
Working Poc 95%
Attack Type
Rce | Lpe | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork 5.1 to 5.3
No auth needed
Prerequisites: Network access to the EyesOfNetwork API · Python environment with requests and BeautifulSoup libraries
devstral-2 · analyzed Feb 25, 2026 Full analysis →
exploitdb WORKING POC
rubyremotemultiple
https://www.exploit-db.com/exploits/48169

This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656, CVE-2020-8657) to achieve remote command execution as root. It leverages command injection in the AutoDiscovery feature, privilege escalation via Nmap, and authentication bypass via SQLi or a hardcoded API key.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork <= 5.3 (API version <= 2.4.2)
No auth needed
Prerequisites: Network access to the target · EyesOfNetwork web interface accessible
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

EyesOfNetwork - Hardcoded API Key & SQL Injection
CRITICALVERIFIEDby ritikchaddha
FOFA: title="EyesOfNetwork"

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/EyesOfNetworkCommunity/eonapi/issues/16
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html

Scores

CVSS v3 9.8
EPSS 0.8182
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-24
CWE
CWE-89
Status published
Products (1)
eyesofnetwork/eyesofnetwork 5.3-0
Published Feb 07, 2020
Tracked Since Feb 18, 2026