CVE-2009-4372 Information

Description

AlienVault Open Source Security Information Management (OSSIM) 2.1.5 and possibly other versions before 2.1.5-4 allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php (2) storage_graphs.php (3) storage_graphs2.php (4) storage_graphs3.php and (5) storage_graphs4.php in sem/.

Reference

http://osvdb.org/61151 http://osvdb.org/61152 http://osvdb.org/61153 http://osvdb.org/61154 http://osvdb.org/61155 http://secunia.com/advisories/37727 http://www.alienvault.com/community.php?section=News http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf http://www.exploit-db.com/exploits/10480 http://www.securityfocus.com/bid/37375 https://exchange.xforce.ibmcloud.com/vulnerabilities/54843