CVE-2014-5383

AlienVault OSSIM < 4.7.0 - Authenticated SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-5383. PoCs published by Chris Hebert, including Metasploit module auxiliary/gather/alienvault_newpolicyform_sqli.

AI-analyzed exploit summary This exploit demonstrates an authenticated SQL injection vulnerability in AlienVault OSSIM 4.6.1 and below, allowing arbitrary file reads via the 'insertafter' parameter in newpolicyform.php. The Metasploit module automates the attack by leveraging SQLi to extract file contents in chunks.

Description

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Exploits (2)

exploitdb WORKING POC

by Chris Hebert · textwebappsphp

https://www.exploit-db.com/exploits/33317

View Code ZIP pw:eip

This exploit demonstrates an authenticated SQL injection vulnerability in AlienVault OSSIM 4.6.1 and below, allowing arbitrary file reads via the 'insertafter' parameter in newpolicyform.php. The Metasploit module automates the attack by leveraging SQLi to extract file contents in chunks.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: AlienVault OSSIM 4.6.1 and below

Auth required

Prerequisites: Valid credentials for AlienVault OSSIM · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated SQL injection vulnerability in AlienVault 4.6.1 and below via the 'insertinto' parameter in newpolicyform.php to read arbitrary files from the filesystem. It uses a time-based blind SQL injection technique to extract file contents in hexadecimal chunks.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: AlienVault OSSIM 4.6.1 and below

Auth required

Prerequisites: Valid AlienVault credentials · Network access to the target · SQL injection parameter accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://forums.alienvault.com/discussion/2690

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/67312

Scores

EPSS 0.2119

EPSS Percentile 97.3%

Details

CWE

CWE-89

Status published

Products (29)

alienvault/open_source_security_information_management 1.0.4

alienvault/open_source_security_information_management 1.0.6

alienvault/open_source_security_information_management 2.1

alienvault/open_source_security_information_management 2.1.2

alienvault/open_source_security_information_management 2.1.5

alienvault/open_source_security_information_management 2.1.5-1

alienvault/open_source_security_information_management 2.1.5-2

alienvault/open_source_security_information_management 2.1.5-3

alienvault/open_source_security_information_management 3.1

alienvault/open_source_security_information_management 3.1.9

... and 19 more

Published Aug 21, 2014

Tracked Since Feb 18, 2026