CVE-2021-33525

Severity CVSS v4.0: Pending analysis
Type: CWE-78 OS Command Injections
Publication date: 24/05/2021
Last modified: 27/05/2021

Description

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
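A detection sketch for the request pattern described above, added here as an example (it is not EyesOfNetwork code and not part of the CVE record). It assumes a common/combined-format web access log and that nagios_path appears in the request URL's query string; the log entries, the id parameter and the second script path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a POSIX shell treats specially; a binary path has no need for them.
SHELL_META = re.compile(r"[&|;`$<>(){}'\"\\\n\r]")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_nagios_path(log_line):
    """Return the decoded nagios_path value if it holds shell metacharacters, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("lilac/export.php"):
        return None
    # parse_qs percent-decodes and maps '+' to a space: %26%26+curl -> "&& curl"
    for value in parse_qs(url.query, keep_blank_values=True).get("nagios_path", []):
        if SHELL_META.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_nagios_path(line)) is not None]

# Constructed sample entries (addresses, user, timestamps and paths are made up).
SAMPLE_LOG = [
    '192.0.2.10 - admin [24/May/2021:10:00:01 +0000] '
    '"GET /lilac/export.php?id=1&nagios_path=%2Fusr%2Fbin%2Fnagios HTTP/1.1" 200 512',
    '192.0.2.10 - admin [24/May/2021:10:00:09 +0000] '
    '"GET /lilac/export.php?id=1&nagios_path=%2Fusr%2Fbin%2Fnagios+%26%26+curl HTTP/1.1" 200 512',
    '192.0.2.10 - admin [24/May/2021:10:00:15 +0000] '
    '"GET /module/report.php?q=a%26%26b HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: nagios_path={value!r}")
```

The check decodes before matching, so the encoded form shown in the description and a literal "&&" are both flagged; if the parameter is submitted in a request body instead, the same test applies to the body field as captured by a proxy or WAF.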

Vulnerable products and versions

CPE: cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*
From: (not specified)
Up to: 5.3-11 (including)