Alienvault OSSIM/USM 5.3.1 SQL Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability exists in the value parameter of...

Alienvault OSSIM/USM 5.3.1 - SQL Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability exists in the value parameter of...

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

CVE-2016-8582

Summary of CVE-2016-8582 : A SQL injection vulnerability exists in the gauge.php component of AlienVault OSSIM/USM prior to 5.3.2. The flaw is triggered in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php, where a serialized array can carry a SQL query in the type field, en...