CVE-2016-8580

CRITICAL

AlienVault OSSIM & USM <5.3.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-8580. PoCs published by Peter Lapp, Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a PHP object injection vulnerability in Alienvault OSSIM/USM by injecting a serialized IDS_Report object into the refresh parameter of image.php. The __toString method of IDS_Report is executed, confirming the vulnerability.

Description

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Peter Lapp · textwebappsphp

https://www.exploit-db.com/exploits/40682

View Code ZIP pw:eip

This exploit demonstrates a PHP object injection vulnerability in Alienvault OSSIM/USM by injecting a serialized IDS_Report object into the refresh parameter of image.php. The __toString method of IDS_Report is executed, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Alienvault OSSIM/USM <=5.3.1

Auth required

Prerequisites: Authenticated access to the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Mehmet Ince · rubywebappsphp

https://www.exploit-db.com/exploits/41424

View Code ZIP pw:eip

This Metasploit module exploits a chain of vulnerabilities in AlienVault OSSIM/USM, including object injection, authentication bypass, and SQL injection, to achieve remote code execution as root. It hijacks an admin session, creates a rogue action with a Python payload, and triggers it via SSH login.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: AlienVault OSSIM/USM <= 5.3.0

No auth needed

Prerequisites: Network access to the target · SSH service exposed

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40682/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/93864

Scores

CVSS v3 9.8

EPSS 0.1256

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (2)

alienvault/open_source_security_information_and_event_management < 5.3.1

alienvault/unified_security_management < 5.3.1

Published Oct 28, 2016

Tracked Since Feb 18, 2026