CVE-2008-0920

Name of the Vulnerable Software and Affected Versions Open Source Security Information Management (OSSIM) version 0.9.9 rc5

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the portname parameter in the /port/modifyportform.php endpoint, which is not properly handled by a validation regular expression.

Recommendations For Open Source Security Information Management (OSSIM) version 0.9.9 rc5, consider restricting access to the /port/modifyportform.php endpoint until a patch is available. As a temporary workaround, avoid using the portname parameter in this endpoint to minimize the risk of exploitation.