Vulnerabilities

CVE-2021-33525

by Fred · 24/05/2021

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.

Date published : 2021-05-24

https://github.com/ArianeBlow/LilacPathVUln/blob/main/eon-pwn.sh

https://github.com/EyesOfNetworkCommunity/eonweb/releases

Similar

Tags: Cybersecurity Alert