A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAlienvault Open Source Security Information And Event Management
APPAlienvault≤ 5.3.1Alienvault Unified Security Management
APPAlienvault≤ 5.3.1
Related vulnerabilities
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessa...
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and US...
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. ...
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands i...