What is CVE-2020-8654?

CVE-2020-8654 is a vulnerability in N/a. Published 2020-02-06.

Is CVE-2020-8654 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-8654

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.

EPSS: 0.919 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArianeBlow/EyesOfNetwork-vuln-checker
h4knet/eonrce

References

github.com/EyesOfNetworkCommunity/eonweb/issues/50 (x_refsource_MISC)
packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.ht… (x_refsource_MISC)
packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-8654?: CVE-2020-8654 is a vulnerability in N/a. Published 2020-02-06.
Is CVE-2020-8654 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.