PT-2009-6497 · Alienvault · Alienvault Ossim
Published
2009-12-21
·
Updated
2010-05-11
·
CVE-2009-4375
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
AlienVault Open Source Security Information Management (OSSIM) versions prior to 2.1.5-4
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
id document parameter in the repository/repository attachment.php file.Recommendations
For versions prior to 2.1.5-4, update to version 2.1.5-4 or later to resolve the issue.
Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alienvault Ossim