CVE-2021-27513

HIGH

EyesOfNetwork 5.3-10 - Authenticated Unrestricted Upload of Dangerous File Type

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-27513. PoCs published by ArianeBlow.

Description

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."

Exploits (2)

nomisec WORKING POC
by ArianeBlow · poc
https://github.com/ArianeBlow/CVE-2021-27513-CVE-2021-27514

This PoC exploits CVE-2021-27513 and CVE-2021-27514 in EyesOfNetwork (versions 5.3-5.3.10) by brute-forcing session IDs to bypass authentication, then uploading a malicious PHP file to achieve remote code execution (RCE) via a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: EyesOfNetwork 5.3-5.3.10
No auth needed
Prerequisites: Network access to the target · Valid session ID (brute-forced or known)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by ArianeBlow · poc
https://github.com/ArianeBlow/CVE-2021-27513

This exploit leverages an arbitrary file upload vulnerability in EyesOfNetwork 5.3-10 to achieve remote code execution (RCE) via a malicious PHP file. It authenticates, uploads a reverse shell payload, and triggers it to establish a connection back to the attacker.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: EyesOfNetwork 5.3-10
Auth required
Prerequisites: valid credentials for EyesOfNetwork · network access to the target · listener set up on attacker's machine
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.2839
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
eyesofnetwork/eyesofnetwork 5.3-10
Published Feb 22, 2021
Tracked Since Feb 18, 2026