Полное название: AlienVault OSSIM SQL Injection / Code Execution Exploit 
Категория: remote exploits
Платформа: multiple
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code execution can be gained by creating a high priority policy with an action containing our payload.

# 0day.today @ http://0day.today/