CVE-2014-5383

AlienVault Open Source Security Information Management - SQL Injection

Title source: rule

Description

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Exploits (2)

exploitdb WORKING POC
by Chris Hebert · text · webapps · php
https://www.exploit-db.com/exploits/33317
metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb

Scores

EPSS 0.2890
EPSS Percentile 96.6%

Details

CWE CWE-89
Status published
Products (29)
alienvault/open_source_security_information_management 1.0.4
alienvault/open_source_security_information_management 1.0.6
alienvault/open_source_security_information_management 2.1
alienvault/open_source_security_information_management 2.1.2
alienvault/open_source_security_information_management 2.1.5
alienvault/open_source_security_information_management 2.1.5-1
alienvault/open_source_security_information_management 2.1.5-2
alienvault/open_source_security_information_management 2.1.5-3
alienvault/open_source_security_information_management 3.1
alienvault/open_source_security_information_management 3.1.9
... and 19 more
Published Aug 21, 2014
Tracked Since Feb 18, 2026