|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-12-27 | |
| Rule Name: | Alienvault Unified Security Management and OSSIM Gauge.php SQL Injection Vulnerability -1 (CVE-2016-8582) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Other Unix, FreeBSD, Linux | |
| Reference: | SecurityFocusBID:93866 ExploitDB:40684 https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities |