AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities

Summary
This host is running AlienVault OSSIM and is prone to multiple SQL injection and remote code execution vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for execution of arbitrary code. Impact Level: System/Application
Solution
Upgrade to OSSIM 4.3.2 or later. For updates, refer to http://www.alienvault.com/open-threat-exchange/projects
Insight
Multiple flaws are due to improper sanitization of user-supplied input via the 'date_from' and 'date_to' GET parameters passed to the graph_geoloc.php script.
Affected
AlienVault Open Source Security Information Management (OSSIM) 4.3.1 and prior.
Detection
Send an HTTP GET request and check whether it is able to execute an SQL query.
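A log-side complement to the active check above, added here as an example (not part of the original advisory or of OSSIM): it flags access-log requests to graph_geoloc.php whose 'date_from' or 'date_to' value is not a plain date. The YYYY-MM-DD format, the /placeholder/ path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate date_from/date_to values are plain YYYY-MM-DD dates.
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
# Request line as it appears in Apache/nginx combined-format access logs.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAMS = ("date_from", "date_to")  # parameters named in the advisory


def suspicious_params(request_target):
    """Return {param: decoded value} for date parameters that are not strict dates."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/graph_geoloc.php"):
        return {}  # only the script named in the advisory is in scope
    query = parse_qs(parts.query)  # percent-decodes values before the check
    bad = {}
    for name in PARAMS:
        for value in query.get(name, []):
            if not DATE_RE.fullmatch(value):
                bad[name] = value
    return bad


def scan(log_lines):
    """Return [(line_number, client, findings)] for flagged access-log lines."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = suspicious_params(match.group(1))
        if findings:
            hits.append((number, line.split(" ", 1)[0], findings))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2014:10:00:01 +0000] "GET /placeholder/graph_geoloc.php?date_from=2014-03-01&date_to=2014-03-31 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Apr/2014:10:02:13 +0000] "GET /placeholder/graph_geoloc.php?date_from=2014-03-01%27&date_to=2014-03-31 HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Apr/2014:10:03:40 +0000] "GET /placeholder/other.php?date_from=abc HTTP/1.1" 200 900',
    '203.0.113.5 - - [01/Apr/2014:10:05:02 +0000] "GET /placeholder/graph_geoloc.php?date_from=2014-03-01&date_to=2014-03-31%22 HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for number, client, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-date values {findings}")
```

A hit means the parameter carried something other than a date, which warrants review of that request on hosts still running 4.3.1 or earlier; it does not by itself confirm exploitation.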