| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | query param | /eonapi/getApiKey | SQLi path to obtain admin API key via crafted username/password parameters in getApiKey endpoint. | CWE-269 |
| password | query param | /eonapi/getApiKey | SQLi path to obtain admin API key via crafted username/password parameters in getApiKey endpoint. | CWE-269 |
| user_name | request body | /eonapi/createEonUser | API call to create a new EON user; potential misuse for privilege escalation via crafted user creation. | CWE-269 |
| user_group | request body | /eonapi/createEonUser | API call to create a new EON user; potential misuse for privilege escalation via crafted user creation. | CWE-269 |
| user_password | request body | /eonapi/createEonUser | API call to create a new EON user; potential misuse for privilege escalation via crafted user creation. | CWE-269 |
| user_name | request body | /eonapi/deleteEonUser | API call to delete a created EON user; used in exploit flow to clean up after privilege escalation. | CWE-269 |
| login | request body | /login.php | Authentication endpoint used in exploit to obtain session and cookies for further actions. | CWE-269 |
| mdp | request body | /login.php | Authentication endpoint used in exploit to obtain session and cookies for further actions. | CWE-269 |
| request | request body | /lilac/autodiscovery.php | AutoDiscovery feature endpoint where a crafted target parameter can trigger command execution via a composed NSE payload. | CWE-269 |
| job_name | request body | /lilac/autodiscovery.php | AutoDiscovery feature endpoint where a crafted target parameter can trigger command execution via a composed NSE payload. | CWE-269 |