CVE-2020-8656
Presentation
A SQL injection is present in eonapi; the affected parameter is getApiKey. The injection bypasses authentication, allowing anyone to log in without an account.
Exploit
Impacted Version(s)
EON 5.3-0
Fixed Version(s)
Fix
Download the latest fixed EON version.
Relevant link
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8656
http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html