CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-5321

HIGH
7.5
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile34.92th
Published2013年8月20日
Last Modified2026年4月29日

Vulnerability Description

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.

Affected Platforms (CPE)

📦
Alienvault

Open Source Security Information Management

= 4.1

References & Advisories

🔗 http://www.exploit-db.com/exploits/26406
🔗 http://www.exploit-db.com/exploits/26406

関連する脆弱性情報

CVE-2009-43737.5

Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Mana...

CVE-2009-43747.5

Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Managemen...

CVE-2009-43727.5

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote at...

CVE-2009-43757.5

SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSS...