CVE-2009-4372
AlienVault OSSIM < 2.1.5-4 - Remote Command Execution via UniqueID Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4372. PoCs published by Nahuel Grisolia.
AI-analyzed exploit summary: The exploit demonstrates a remote command execution vulnerability in OSSIM due to insufficient input sanitization. It provides multiple URLs with command injection payloads to execute arbitrary commands on the target system.
Description
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
Exploits (1)