CVE-2020-27886
Presentation
An SQL injection is present in eonweb; the injectable parameter is user_name. The injection bypasses authentication, allowing anyone to log in without an account. The flaw is in the function username_available() in the file includes/functions.php, which is called from login.php.
Exploit
Impacted Version(s)
EON 5.3-7
EON 5.3-8
Fixed Version(s)
All versions from :
Fix
Download latest EON fixed version.
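
For anyone reviewing similar login code, the following added example (not eonweb's source and not taken from the fixed release) contrasts a username lookup that concatenates the user_name value into the query with one that binds it as a parameter. The table, column and function names are hypothetical, and an in-memory SQLite database through PDO is assumed so the script runs offline.

```php
<?php
// Added illustration of the bug class described above; NOT eonweb's code.
// Schema, function names and sample rows are hypothetical/constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE)');
$db->exec("INSERT INTO users (user_name) VALUES ('admin')"); // constructed row

// Vulnerable pattern: the request value becomes part of the SQL text,
// so quote characters in it change the structure of the WHERE clause.
function user_exists_concat(PDO $db, string $user_name): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE user_name = '" . $user_name . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the value is bound as a parameter and is only ever
// compared as data, whatever characters it contains.
function user_exists_bound(PDO $db, string $user_name): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE user_name = :user_name');
    $stmt->execute([':user_name' => $user_name]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed regression inputs: an existing name, an unknown name, and an
// unknown name that carries SQL syntax.
$samples = ['admin', 'nobody', "nobody' OR '1'='1"];

foreach ($samples as $name) {
    printf(
        "%-22s concat=%-5s bound=%s\n",
        $name,
        var_export(user_exists_concat($db, $name), true),
        var_export(user_exists_bound($db, $name), true)
    );
}
```

The two functions agree on the first two inputs and disagree on the third, where only the concatenating version reports that the user exists; a login flow that trusts that answer is what makes an authentication bypass possible.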