Alienvault Unified Security Management and OSSIM gauge.php SQL Injection (CVE-2016-8582)

An SQL injection vulnerability exists in Alienvault Unified Security Management and OSSIM. The vulnerability is due to a lack of input validation on a component of the dashboard widgets. A remote, authenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation could result in information disclosure from the database.

Leave a Reply