CRITICAL✓ PATCH🇬🇧 English

CVE-2016-8582

CVSS 9.8v3.0pub. 2016-10-28upd. 2026-05-06

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Alienvault Open Source Security Information And Event Management

    APP
    Alienvault
    ≤ 5.3.1
  • Alienvault Unified Security Management

    APP
    Alienvault
    ≤ 5.3.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2018-7279CRITICAL9.8ten sam produkt

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.

CVE-2017-6972CRITICAL9.8ten sam produkt

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessa...

CVE-2016-7955CRITICAL9.8ten sam produkt

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and US...

CVE-2016-8580CRITICAL9.8ten sam produkt

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. ...

CVE-2017-6970HIGH8.4ten sam produkt

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands i...