CVE-2022-41571 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.

The application does not sanitize user-inputs before using them within the application.

An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file.

Solution: Upgrade to version 5.4.7 or later.

CVE-2022-41570

The application does not sanitize user-inputs before using them within the application.
An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file.
Solution: Upgrade to version 5.4.7 or later.

Credit: Thanks to Omkar Sonawane for providing the initial vulnerability report

The application does not sanitize user-inputs before using them within the application. An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file. Upgrade to version 5.4.7 or later.

Information disclosure vulnerability

The application does not sanitize user-inputs before using them within the application. An attacker could leverage this vulnerability to execute code as the user, log in as the user, or read data from the user's local file.

Credit to the researchers who identified the vulnerability

Back in February 2018, a vulnerability was found and reported to the vendor. The vendor fixed the issue about three months later by releasing version 5.4.7 of the application.

Timeline

Published on: 09/27/2022 23:15:00 UTC
Last modified on: 09/28/2022 23:16:00 UTC

References