QwikSec

Security Database

CVE

CWE

Training

CVE-2017-6087

Published: Mar 24, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20170323 [CVE-2017-6087] EON 5.0 Remote Code Execution

mailing-list

x_refsource_MLIST

https://github.com/EyesOfNetworkCommunity/eonweb/commit/196729cc045ef93ceeddd1de505a1de8f9cdf74d

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

https://sysdream.com/news/lab/2017-03-14-cve-2017-6087-eon-5-0-remote-code-execution/

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.