Sql injection

2009-09-2822:30:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.5%

JSON

Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.

CPENameOperatorVersion
ossimeq2.1 32bit
ossimle2.1
ossimeq2.1 64bit
ossimeq1.0.4
ossimeq1.0.6

Name	Operator	Version
ossim	eq	2.1 32bit
ossim	le	2.1
ossim	eq	2.1 64bit
ossim	eq	1.0.4
ossim	eq	1.0.6

References

dsecrg.com/pages/vul/show.php?id=155

secunia.com/advisories/36867

www.securityfocus.com/archive/1/506663/100/0/threaded

www.securityfocus.com/bid/36504