Vulnerability Description
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eyesofnetwork | Eyesofnetwork | <= 5.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/03/23/4 (Exploit, Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/97084 (Third Party Advisory, VDB Entry)
- https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-inje (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/41747/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-6088?
CVE-2017-6088 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4...
How severe is CVE-2017-6088?
CVE-2017-6088 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-6088?
Check the references section above for vendor advisories and patch information. Affected products include: Eyesofnetwork Eyesofnetwork.