Presentation

The eonweb web interface is vulnerable to SQL injection through the user_id field of a cookie. An unauthenticated attacker can use it to perform various tasks, such as bypassing authentication.
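The flaw class described above, shown as an added example that is not eonweb's code: a session check that pastes cookie fields into SQL text, beside one that type-checks user_id and binds it. The table layout, the session_id cookie name, the function names and the sample cookies are assumptions constructed for the illustration.

```python
import sqlite3

# Constructed sample data: a hypothetical session table, not eonweb's real schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (session_id TEXT, user_id INTEGER)")
    db.execute("INSERT INTO sessions VALUES ('s3ss10n-token', 1)")
    return db

def session_valid_concat(db, cookies):
    """Weak pattern: cookie fields are pasted into the SQL text, so the
    cookie content is parsed as part of the query."""
    sql = ("SELECT COUNT(*) FROM sessions "
           "WHERE session_id = '%s' AND user_id = '%s'"
           % (cookies.get("session_id", ""), cookies.get("user_id", "")))
    return db.execute(sql).fetchone()[0] > 0

def session_valid_bound(db, cookies):
    """Hardened pattern: type-check user_id, then bind both values."""
    user_id = cookies.get("user_id", "")
    # A user id is a short run of ASCII digits; reject anything else outright.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 10):
        return False
    row = db.execute(
        "SELECT COUNT(*) FROM sessions WHERE session_id = ? AND user_id = ?",
        (cookies.get("session_id", ""), int(user_id)),
    ).fetchone()
    return row[0] > 0

# Constructed cookies: one legitimate, one with a tampered user_id field.
GENUINE = {"session_id": "s3ss10n-token", "user_id": "1"}
TAMPERED = {"session_id": "unknown", "user_id": "1' OR '1'='1"}

if __name__ == "__main__":
    db = make_db()
    for name, cookies in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(name, "concat:", session_valid_concat(db, cookies),
              "bound:", session_valid_bound(db, cookies))
```

The bound version treats the cookie as data only, so a tampered user_id fails the session check instead of changing the query's logic.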

Exploit

EONRCEv2

Impacted Version(s)

EON 5.1 (All versions)

EON 5.3-0

EON 5.3-1

EON 5.3-2

Fixed Version(s)

EON 5.3-3

Fix

Download the latest fixed EON version.

https://github.com/EyesOfNetworkCommunity/eonweb/issues/51