CVE-2009-3439

OSSIM < 2.1.2 - Authenticated SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3439.

AI-analyzed exploit summary This advisory details multiple SQL injection, XSS, and unauthorized access vulnerabilities in OSSIM 2.1 and 2.1.1, providing specific vulnerable scripts, parameters, and example exploit URLs. It includes technical details on attack vectors but does not contain functional exploit code.

Description

Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/9828

View Code ZIP pw:eip

This advisory details multiple SQL injection, XSS, and unauthorized access vulnerabilities in OSSIM 2.1 and 2.1.1, providing specific vulnerable scripts, parameters, and example exploit URLs. It includes technical details on attack vectors but does not contain functional exploit code.

Classification

Writeup 95%

Attack Type

Sqli | Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: OSSIM 2.1 and 2.1.1

Auth required

Prerequisites: Network access to OSSIM server · Valid credentials for SQLi attacks

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://dsecrg.com/pages/vul/show.php?id=155

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36504

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36867

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/506663/100/0/threaded

Scores

EPSS 0.0086

EPSS Percentile 53.6%

Details

CWE

CWE-89

Status published

Products (4)

alienvault/ossim 1.0.4

alienvault/ossim 1.0.6

alienvault/ossim 2.1 (2 CPE variants)

alienvault/ossim < 2.1

Published Sep 28, 2009

Tracked Since Feb 18, 2026