CVE-2020-8656

CRITICAL EXPLOITED NUCLEI

EyesOfNetwork <5.3 - SQL Injection

Title source: llm

Description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

Exploits (3)

exploitdb WORKING POC

by Clément Billac · textwebappsphp

https://www.exploit-db.com/exploits/48025

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/h4knet/eonrce

View Code ZIP pw:eip

exploitdb WORKING POC

rubyremotemultiple

https://www.exploit-db.com/exploits/48169

View Code ZIP pw:eip

Nuclei Templates (1)

EyesOfNetwork - Hardcoded API Key & SQL Injection

CRITICALVERIFIEDby ritikchaddha

FOFA: title="EyesOfNetwork"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html

[Third Party Advisory] https://github.com/EyesOfNetworkCommunity/eonapi/issues/16

Scores

CVSS v3 9.8

EPSS 0.8182

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-24

CWE

CWE-89

Status published

Products (1)

eyesofnetwork/eyesofnetwork 5.3-0

Published Feb 07, 2020

Tracked Since Feb 18, 2026