Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections

EDB-ID:

38781


Platform:

PHP

Published:

2013-10-02

source: http://www.securityfocus.com/bid/62790/info

Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable. 

http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%

http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%