AlienVault OSSIM ws_data SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ossim-framework service. The issue lies in the handling of the ws_data parameter due to a failure to use parameterized queries when using user-supplied data as part of a SQL query. An attacker could leverage this vulnerability to execute SQL under the context of the database.