CVE-2013-5321

Name of the Vulnerable Software and Affected Versions AlienVault Open Source Security Information Management (OSSIM) version 4.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through various parameters in different PHP files, including the sensor parameter in a Query action to "forensics/base qry main.php", the tcp flags[] or tcp port[0][4] parameters to "forensics/base stat alerts.php", the ip addr[1][8] or port type parameters to "forensics/base stat ports.php", or the sortby or rvalue parameters in a search action to "vulnmeter/index.php".

Recommendations For AlienVault Open Source Security Information Management (OSSIM) version 4.1, consider disabling the vulnerable parameters sensor, tcp flags[], tcp port[0][4], ip addr[1][8], port type, sortby, and rvalue in their respective PHP files until a patch is available. Restrict access to the affected PHP files, such as "forensics/base qry main.php", "forensics/base stat alerts.php", "forensics/base stat ports.php", and "vulnmeter/index.php", to minimize the risk of exploitation.