Exploit Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
38781
Проверка EDB
  1. Пройдено
Автор
YU-CHI DING
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2013-5967
Дата публикации
2013-10-02
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections
Код:
source: https://www.securityfocus.com/bid/62790/info

Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable. 

http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%

http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%
 
Источник
www.exploit-db.com

Похожие темы