Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Alienvault Open Source Security Information Management多个SQL注入漏洞
Vulnerability Description
开放源安全信息管理器(OSSIM)2.1.2版本之前的版本中存在多个SQL注入漏洞。远程验证用户借助对(1)repository_document.php,(2)repository_links.php,和(3)repository/中的repository_editdocument.php的id_document参数;(4)对policy/getpolicy.php的group参数;对(5)host/newhostgroupform.php的名称参数和(6)net/modifynetform.php;和
CVSS Information
N/A
Vulnerability Type
N/A