EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
ID: CVE-2020-8654
Severity: high
Author: praetorian-thendrickson
Tags: cve2020,cve,cisa,eyesofnetwork,rce,authenticated,msf,sqli
Description
Section titled “Description”EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.
YAML Source
Section titled “YAML Source”id: CVE-2020-8654
info: name: EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution author: praetorian-thendrickson severity: high description: EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465. impact: | Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary SQL queries or remote code on the affected system. remediation: | Upgrade to a patched version of EyesOfNetwork or apply the necessary security patches to mitigate the vulnerabilities. reference: - https://github.com/h4knet/eonrce - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eyesofnetwork_autodiscovery_rce.rb - https://github.com/EyesOfNetworkCommunity/eonweb/issues/50 - https://nvd.nist.gov/vuln/detail/CVE-2020-8654 - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-8654 cwe-id: CWE-78 epss-score: 0.04806 epss-percentile: 0.92702 cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: eyesofnetwork product: eyesofnetwork tags: cve2020,cve,cisa,eyesofnetwork,rce,authenticated,msf,sqli
http: - method: GET path: - "{{BaseURL}}/css/eonweb.css"
matchers-condition: and matchers: - type: dsl dsl: - compare_versions(version, '< 5.4', '>= 5.1')
- type: word part: body words: - "EyesOfNetwork"
- type: status status: - 200
extractors: - type: regex name: version group: 1 regex: - "# VERSION : ([0-9.]+)" internal: true part: body# digest: 4b0a00483046022100bbd476d7b837614cc1256dd19fdb0b27ce6dcbf63ae750db1f0408b21aeb8354022100ae21cf050ca750a23cacad936375575a28d72063c5a4c2a1ad34e7b081d5dde6:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-8654.yaml"