Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AlienVault OSSIM 多个SQL注入漏洞
Vulnerability Description
AlienVault OSSIM(Open Source Security Information Management)是美国AlienVault公司的一套开源的安全信息管理系统。该系统可将开源产品进行集成,提供一种能够实现安全监控功能的基础平台。 AlienVault OSSIM 4.1版本中存在多个SQL注入漏洞。远程攻击者可借助多个参数利用该漏洞执行任意SQL命令。这些参数包括:(1)向forensics/base_qry_main.php脚本传递Query操作中sensor参数;(2)向fore
CVSS Information
N/A
Vulnerability Type
N/A