{"id":"CVE-2017-14118","details":"In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\\tool_all\\tools\\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.","modified":"2026-07-08T12:05:23.667970Z","published":"2017-09-03T20:29:00.193Z","references":[{"type":"EVIDENCE","url":"http://kk.whitecell-club.org/index.php/archives/220/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eyesofnetworkcommunity/eonweb","events":[{"introduced":"2251697fce862458296fd614ba8a28ab90cbe493"},{"last_affected":"2251697fce862458296fd614ba8a28ab90cbe493"}],"database_specific":{"extracted_events":[{"introduced":"5.1-0"},{"last_affected":"5.1-0"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.1-0:*:*:*:*:*:*:*"}}],"versions":["5.1-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14118.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}