EIP-2026-104711

PRE-CVE

Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104711. PoCs published by Metasploit.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated SQL injection vulnerability in AlienVault OSSIM to retrieve an admin session ID, then leverages it to execute arbitrary commands via policy creation. The exploit chain involves SQLi for session hijacking followed by RCE through policy manipulation.

Description

Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/33141

Classification: Working PoC 95%
Attack Type: SQLi | RCE
Complexity: Moderate
Reliability: Reliable
Target: AlienVault OSSIM <= 4.3.1
Authentication: No auth needed
Prerequisites: Network access to the target OSSIM instance · SQL injection vulnerability in graph_geoloc.php
Analysis: devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026