CVE-2017-14401
The EyesOfNetwork web interface (eonweb) 5.1-0 contains a SQL injection vulnerability in the USERNAME column, exploitable via the user_name parameter to module/admin_user/add_modify_user.php within the ACCOUNT UPDATE section. This allows an attacker to construct arbitrary SQL commands, enabling d...