Multiple SQL Injection Vulnerabilities in EyesOfNetwork (EON) 5.0 and Earlier

Multiple SQL Injection Vulnerabilities in EyesOfNetwork (EON) 5.0 and Earlier

CVE-2017-6088 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.