CVE-2009-3439

Alienvault Ossim < 2.1 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/9828

References (4)

Scores

EPSS 0.0015
EPSS Percentile 35.9%

Details

CWE
CWE-89
Status published
Products (4)
alienvault/ossim 1.0.4
alienvault/ossim 1.0.6
alienvault/ossim 2.1 (2 CPE variants)
alienvault/ossim < 2.1
Published Sep 28, 2009
Tracked Since Feb 18, 2026