CVE-2022-41571 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
The application does not sanitize user-inputs before using them within the application.
An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file.
Solution: Upgrade to version 5.4.7 or later.
CVE-2022-41570
The application does not sanitize user-inputs before using them within the application.
An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file.
Solution: Upgrade to version 5.4.7 or later.
Credit: Thanks to Omkar Sonawane for providing the initial vulnerability report
The application does not sanitize user-inputs before using them within the application. An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file. Upgrade to version 5.4.7 or later.
Information disclosure vulnerability
The application does not sanitize user-inputs before using them within the application. An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file.
Credit to the researchers who identified the vulnerability
Back in February 2018, a vulnerability was found and reported to the vendor. The vendor fixed the issue about three months later by releasing version 5.4.7 of the application.
Timeline
Published on: 09/27/2022 23:15:00 UTC
Last modified on: 09/28/2022 23:16:00 UTC