CVE-2013-5967
published 2013-10-09CVE-2013-5967: Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute…
PriorityP262high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
19.02%
97.0th percentile
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alienvault | open_source_security_information_management | <= 4.3 | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%↗
- →Monitor HTTP requests targeting any of the five vulnerable PHP scripts under /RadarReport/ with a `date_from` query parameter containing SQL metacharacters or injection payloads. ↗
- →The Metasploit module for this vulnerability class (alienvault_iso27001_sqli) leverages authenticated SQL injection via a PNG-generation PHP file to achieve arbitrary file read — alert on authenticated sessions issuing unusual SQL-bearing requests to RadarReport endpoints. ↗
- ·The NVD entry states the vulnerability affects OSSIM 4.3 and earlier, but the Metasploit module targets version 4.5.0, suggesting the vulnerable code pattern persisted across a wider version range than originally disclosed. ↗
- ·Exploitation requires only a valid (non-admin) authenticated session; privilege escalation is not a prerequisite for arbitrary file read via the SQL injection path. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections
exploitdb·2013-10-02
CVE-2013-5967 Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/62790/info
Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable.
http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%
http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%
Metasploit
AlienVault Authenticated SQL Injection Arbitrary File Read
metasploit
AlienVault Authenticated SQL Injection Arbitrary File Read
AlienVault Authenticated SQL Injection Arbitrary File Read
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authenticated user is able to exploit it, as administrator privileges aren't required.
No writeups or analysis indexed.
2013-10-09
Published