Multiple vulnerabilities have been reported in OSSIM, which can be exploited by malicious users to conduct SQL injection attacks and to compromise a vulnerable system.

1) Input passed via the "id_document" parameter to repository/repository_attachment.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "uniqueid" parameter to sem/wcl.php, sem/storage_graphs.php, sem/storage_graphs2.php, sem/storage_graphs3.php, and sem/storage_graphs4.php is not properly sanitised before being used as a command line argument. This can be exploited to inject arbitrary shell commands.

3) Input passed via the "id_document" form field to repository/repository_attachment.php is not properly sanitised before being used to store files. This can be exploited to e.g. create arbitrary PHP files via a specially crafted HTTP POST request.

The vulnerabilities are reported in versions prior to 2.1.5-4.

Solution
Update to version 2.1.5-4 or later.

Provided and/or discovered by
Nahuel Grisolia

Changelog
Further details available in Customer Area

Original Advisory
Nahuel Grisolia:
http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf
http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf
http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf

OSSIM:
http://www.alienvault.com/community.php?section=News

Deep Links
Links available in Customer Area