CVE-2020-8656

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8656
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8656.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8656
Published
2020-02-07T00:15:09.723Z
Modified
2026-04-10T04:28:26.851641Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

References

Affected packages

Git / github.com/eyesofnetworkcommunity/eonweb

Affected ranges

Type
GIT
Repo
https://github.com/eyesofnetworkcommunity/eonweb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
71e23ee4cb7baa20b1654cfdd326d6ca22e2249f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3-0"
        }
    ]
}

Affected versions

4.*
4.3-0
5.*
5.3-0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8656.json"