CVE-2008-0920
OSSIM < 0.9.9 - Authenticated SQL Injection via portname Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0920. PoCs published by Marcin Kopec.
AI-analyzed exploit summary
The document describes SQL injection and XSS vulnerabilities in OSSIM 0.9.9rc5, providing specific exploit URLs and technical details about the flaws. It includes proof-of-concept payloads for both vulnerabilities.
Description
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.