CyberSec.Space Logo
Back to CVE Browser

CVE-2013-5321

HIGH
7.5
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile34.92th
PublishedAug 20, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.

Affected Platforms (CPE)

📦
Alienvault

Open Source Security Information Management

= 4.1

References & Advisories

🔗 http://www.exploit-db.com/exploits/26406
🔗 http://www.exploit-db.com/exploits/26406

Related Vulnerabilities

CVE-2009-43737.5

Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Mana...

CVE-2009-43747.5

Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Managemen...

CVE-2009-43727.5

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote at...

CVE-2009-43757.5

SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSS...