Short Name |
HTTP:SQL:INJ:INTO-OUTFILE |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
INTO OUTFILE/DUMPFILE Command Injection |
Release Date |
2012/07/11 |
Update Number |
2160 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to perform SQL Injection. Dynamic web pages that accept user input without proper variable validation are vulnerable to arbitrary command injection.
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.