CVE-2020-8656
CVE-2020-8656
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 84.6%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Lifecycle
06 Feb 2020Metasploit module available
06 Feb 2020Published on NVD
07 Feb 2020Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
Affected products
n/a · n/apublic PoCs found — 5
cve_referencepacketstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48169unverifiedexploitdbwww.exploit-db.com/exploits/48025unverifiedvulncheckvulncheck.com/xdb/b206a059b299unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.