What is CVE-2013-5967?

CVE-2013-5967 is a vulnerability in Alienvault Open_source_security_information_management, classified under SQL Injection. Published 2013-10-09.

Is CVE-2013-5967 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Alienvault Open_source_security_information_management

CVE-2013-5967

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.p…

Vulnerability class: SQL Injection

EPSS: 0.353 (97.1th percentile) — read the EPSS interpretation.

Affected products

Alienvault Open_source_security_information_management — versions 1.0.4, 1.0.6, 2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

62790 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
98052 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2013-5967?: CVE-2013-5967 is a vulnerability in Alienvault Open_source_security_information_management, classified under SQL Injection. Published 2013-10-09.
Is CVE-2013-5967 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.