CVE-2016-8582

Published: 28/10/2016 Updated: 03/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability exists in gauge.php of AlienVault OSSIM and USM prior to 5.3.2 that allows a malicious user to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.

Vulnerable Product

alienvault unified security management

alienvault open source security information and event management

Exploits

Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: SQL Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8582
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================
A SQL injection vulnerability exists in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php o ...

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability ...