{"api_version":"1","generated_at":"2026-05-28T20:15:56+00:00","cve":"CVE-2020-8656","urls":{"html":"https://cve.report/CVE-2020-8656","api":"https://cve.report/api/cve/CVE-2020-8656.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-8656","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-8656"},"summary":{"title":"CVE-2020-8656","description":"An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-02-07 00:15:00","updated_at":"2022-01-01 19:57:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://github.com/EyesOfNetworkCommunity/eonapi/issues/16","name":"https://github.com/EyesOfNetworkCommunity/eonapi/issues/16","refsource":"MISC","tags":["Third Party Advisory"],"title":"Injection SQL sur le champ username de getApiKey · Issue #16 · EyesOfNetworkCommunity/eonapi · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html","name":"http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html","refsource":"MISC","tags":[],"title":"EyesOfNetwork AutoDiscovery Target Command Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html","name":"http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"EyesOfNetwork 5.3 Remote Code Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-8656","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8656","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"8656","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eyesofnetwork","cpe5":"eyesofnetwork","cpe6":"5.3-0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8656","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eyesofnetwork","cpe5":"eyesofnetwork","cpe6":"5.3-0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-8656","qid":"730386","title":"EyesOfNetwork Multiple Vulnerabilities"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-8656","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/EyesOfNetworkCommunity/eonapi/issues/16","url":"https://github.com/EyesOfNetworkCommunity/eonapi/issues/16"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html","url":"http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html","url":"http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html"}]}},"nvd":{"publishedDate":"2020-02-07 00:15:00","lastModifiedDate":"2022-01-01 19:57:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"8656","Ordinal":"168997","Title":"CVE-2020-8656","CVE":"CVE-2020-8656","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"8656","Ordinal":"1","NoteData":"An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"8656","Ordinal":"2","NoteData":"2020-02-06","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"8656","Ordinal":"3","NoteData":"2020-03-03","Type":"Other","Title":"Modified"}]}}}