CVE-2013-5967
09.10.2013, 14:54
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
| Vendor | Product | Version |
|---|---|---|
| alienvault | open_source_security_information_management | 𝑥 ≤ 4.3 |
| alienvault | open_source_security_information_management | 1.0.4 |
| alienvault | open_source_security_information_management | 1.0.6 |
| alienvault | open_source_security_information_management | 2.1 |
| alienvault | open_source_security_information_management | 2.1.2 |
| alienvault | open_source_security_information_management | 2.1.5 |
| alienvault | open_source_security_information_management | 2.1.5-1 |
| alienvault | open_source_security_information_management | 2.1.5-2 |
| alienvault | open_source_security_information_management | 2.1.5-3 |
| alienvault | open_source_security_information_management | 3.1 |
| alienvault | open_source_security_information_management | 3.1.9 |
| alienvault | open_source_security_information_management | 3.1.10 |
| alienvault | open_source_security_information_management | 3.1.12 |
| alienvault | open_source_security_information_management | 4.0.3 |
| alienvault | open_source_security_information_management | 4.0.4 |
| alienvault | open_source_security_information_management | 4.1 |
| alienvault | open_source_security_information_management | 4.1.2 |
| alienvault | open_source_security_information_management | 4.1.3 |
| alienvault | open_source_security_information_management | 4.2 |
| alienvault | open_source_security_information_management | 4.2.2 |
| alienvault | open_source_security_information_management | 4.2.3 |
𝑥
= Vulnerable software versions