CVE-2021-27514
Presentation
It is possible to steal the administrator session. The function that generates the “session_id” is not complex enough, so the administrator's “session_id” can be brute-forced.
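An added example, not EON's code and not part of the original advisory: a defender-side audit that estimates how many bits of keyspace observed session_id values can hold, next to a CSPRNG-based generator and a constant-time comparison. The sample IDs are constructed, the function names are hypothetical, and the 64-bit floor is an assumed policy value following OWASP session ID guidance.

```python
import math
import secrets
import string

MIN_BITS = 64  # assumed policy floor, following OWASP session ID guidance

CLASSES = [  # character classes, tried from narrowest to widest
    ("digits", set(string.digits)),
    ("hex", set("0123456789abcdef")),
    ("alnum", set(string.ascii_letters + string.digits)),
    ("printable", set(string.printable)),
]

# Constructed sample values, NOT EON's real session_id format.
WEAK_SAMPLES = ["104729381", "88213377", "990017245"]


def keyspace_bits(samples):
    """Estimate the keyspace in bits implied by observed session IDs."""
    # Narrowest class covering all samples, longest observed length. A low result
    # is a finding; a high one is inconclusive (a predictable seed hides behind it).
    if not samples:
        raise ValueError("need at least one sample")
    seen = set("".join(samples))
    for name, alphabet in CLASSES:
        if seen <= alphabet:
            length = max(len(s) for s in samples)
            return name, length * math.log2(len(alphabet))
    raise ValueError("unexpected characters in session id")


def audit(samples, min_bits=MIN_BITS):
    name, bits = keyspace_bits(samples)
    return {"charset": name, "bits": round(bits, 1), "weak": bits < min_bits}


def new_session_id():
    """Hardened generator: 32 bytes from the OS CSPRNG, hex-encoded."""
    return secrets.token_hex(32)


def same_session(presented, stored):
    """Compare IDs in constant time to avoid a timing side channel."""
    return secrets.compare_digest(presented, stored)


if __name__ == "__main__":
    print("weak  :", audit(WEAK_SAMPLES))
    print("strong:", audit([new_session_id() for _ in range(20)]))
```

Feed `audit` a batch of session IDs collected from your own deployment; the format-based estimate only bounds the keyspace, so a passing result still needs a review of how the values are seeded.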
Exploit
Impacted Version(s)
EON 4.2+, EON 5.0+
Fixed Version(s)
Fix
Download latest EON fixed version.
Relevant link
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27514