CVE-2016-8582

critical

Published 2016-10-28 · Modified 2026-05-06

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities

Application impact

Vendor	Product	Versions	Fixed
alienvault	open_source_security_information_and_event_management	`{"endIncluding":"5.3.1"}`
alienvault	unified_security_management	`{"endIncluding":"5.3.1"}`

References

http://www.securityfocus.com/bid/93866
https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities
https://www.exploit-db.com/exploits/40684/
http://www.securityfocus.com/bid/93866
https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities
https://www.exploit-db.com/exploits/40684/

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.