{"id":"CVE-2020-27887","details":"An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.","modified":"2026-04-10T04:26:41.212365Z","published":"2020-10-29T19:15:14.380Z","references":[{"type":"WEB","url":"https://www.eyesofnetwork.com/en"},{"type":"ADVISORY","url":"https://github.com/EyesOfNetworkCommunity/eonweb/issues/76"},{"type":"FIX","url":"http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eyesofnetworkcommunity/eonweb","events":[{"introduced":"71e23ee4cb7baa20b1654cfdd326d6ca22e2249f"},{"last_affected":"0811d99422e9a819adbae87f5a396b2498b13dd8"}],"database_specific":{"versions":[{"introduced":"5.3"},{"last_affected":"5.3-8"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27887.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}