CVE-2020-27887
Presentation
An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
Exploit
Impacted Version(s)
EON 5.3 (All versions)
Fixed Version(s)
Not fixed.
Fix
Not fixed.
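With no fix available, one mitigation is to constrain the nmap_binary value server-side before it is used. The following is an added example, not code from eonweb or Lilac; the function name, the allowlisted paths and the sample inputs are assumptions, and it assumes the submitted value ends up in a shell command line.

```php
<?php
// Added example, not eonweb/Lilac code. Names and paths below are assumptions.

// Assumption: the only nmap binaries an administrator intends to allow.
const NMAP_ALLOWLIST = ['/usr/bin/nmap', '/usr/local/bin/nmap'];

/**
 * Return the canonical path if $submitted names an allowlisted,
 * executable binary; return null for anything else.
 */
function vetted_nmap_binary($submitted, array $allowlist = NMAP_ALLOWLIST)
{
    // Reject arrays (nmap_binary[]=...), empty values and oversized input.
    if (!is_string($submitted) || $submitted === '' || strlen($submitted) > 255) {
        return null;
    }
    // An absolute binary path needs only these characters. Spaces, quotes,
    // ';', '|', '&', '$', backticks, newlines and NUL bytes fail this check.
    if (!preg_match('#\A/[A-Za-z0-9._/-]+\z#', $submitted)) {
        return null;
    }
    // Resolve symlinks and "../" so the comparison is made on the real file.
    $real = realpath($submitted);
    if ($real === false || !in_array($real, $allowlist, true)) {
        return null;
    }
    return is_executable($real) ? $real : null;
}

// Constructed sample inputs, as they might arrive in the nmap_binary parameter.
$samples = [
    '/usr/bin/nmap',          // accepted only if it exists on this host
    '/usr/bin/../bin/nmap',   // canonicalised by realpath() before comparison
    '/usr/bin/nmap; id',      // shell metacharacters: rejected
    '/tmp/nmap',              // outside the allowlist: rejected
    ['/usr/bin/nmap'],        // array instead of string: rejected
];

foreach ($samples as $sample) {
    $path = vetted_nmap_binary($sample);
    // Even a vetted path is quoted with escapeshellarg() before it is
    // placed in a command string.
    printf("%-28s => %s\n",
        json_encode($sample, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'accepted as ' . escapeshellarg($path));
}
```

On a host without nmap installed every sample is rejected, because realpath() fails for a path that does not exist.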
Relevant link
https://h4knet.medium.com/exploiting-sql-injections-in-eyesofnetwork-baacab0b9e7b
https://github.com/EyesOfNetworkCommunity/eonweb/issues/76
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27887