AlienVault OSSIM SQL Injection And Remote Code Execution Vulnerabilities Network Vulnerability

Summary

This host is running AlienVault OSSIM and is prone to multiple sql injection and remote code execution vulnerabilities.

Impact

Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for execution of arbitrary code. Impact Level: System/Application

Solution

Upgrade to OSSIM 4.3.2 or later, For updates refer http://www.alienvault.com/open-threat-exchange/projects

Insight

Multiple flaws are due to improper sanitization of user-supplied input via 'date_from' and 'date_to' GET parameter passed to graph_geoloc.php script.

Affected

AlienVault Open Source Security Information Management (OSSIM) 4.3.1 and prior.

Detection

Send a HTTP GET request and check whether it is able to execute sql query or not.

References

http://packetstormsecurity.com/files/126446
http://www.exploit-db.com/exploits/33006
http://www.exploit-db.com/exploits/33141
http://www.osvdb.com/106252

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe ColdFusion Authentication Bypass Vulnerability
Assesi 'bg' Parameter SQL Injection vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
Artifectx xClassified 'catid' SQL Injection Vulnerability

AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities