{"id":"CVE-2017-6087","details":"EyesOfNetwork (\"EON\") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.","modified":"2026-03-15T22:17:41.054435Z","published":"2017-03-24T14:59:00.337Z","references":[{"type":"WEB","url":"https://sysdream.com/news/lab/2017-03-14-cve-2017-6087-eon-5-0-remote-code-execution/"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/41746/"},{"type":"WEB","url":"http://www.securityfocus.com/bid/97109"},{"type":"FIX","url":"https://github.com/EyesOfNetworkCommunity/eonweb/commit/196729cc045ef93ceeddd1de505a1de8f9cdf74d"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2017/03/23/5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/EyesOfNetworkCommunity/eonweb","events":[{"introduced":"0"},{"last_affected":"b830d78e70ce71ac81d73c36f75e36c8f1cb5869"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.0-0"}]}},{"type":"GIT","repo":"https://github.com/eyesofnetworkcommunity/eonweb","events":[{"introduced":"0"},{"fixed":"196729cc045ef93ceeddd1de505a1de8f9cdf74d"}]}],"versions":["4.3-0","5.0-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6087.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}