{"api_version":"1","generated_at":"2026-06-10T13:55:43+00:00","cve":"CVE-2016-8582","urls":{"html":"https://cve.report/CVE-2016-8582","api":"https://cve.report/api/cve/CVE-2016-8582.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-8582","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-8582"},"summary":{"title":"CVE-2016-8582","description":"A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.","state":"PUBLISHED","assigner":"mitre","published_at":"2016-10-28 15:59:06","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities","name":"https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Security Advisory - AlienVault 5.3.2 address 70 vulnerabilities - AlienVault Community Forums","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/93866","name":"http://www.securityfocus.com/bid/93866","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Multiple AlienVault Products 'widgets/data/gauge.php' SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/40684/","name":"https://www.exploit-db.com/exploits/40684/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Alienvault OSSIM/USM 5.3.1 - SQL Injection - PHP webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-8582","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8582","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"8582","vulnerable":"1","versionEndIncluding":"5.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alienvault","cpe5":"open_source_security_information_and_event_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"8582","vulnerable":"1","versionEndIncluding":"5.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"alienvault","cpe5":"unified_security_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2016","cve_id":"8582","cve":"CVE-2016-8582","epss":"0.805480000","percentile":"0.991480000","score_date":"2026-05-09","updated_at":"2026-05-10 00:03:06"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T02:27:40.910Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"40684","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/40684/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"},{"name":"93866","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/93866"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-10-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-02T09:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"40684","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/40684/"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"},{"name":"93866","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/93866"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-8582","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"40684","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/40684/"},{"name":"https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities","refsource":"CONFIRM","url":"https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"},{"name":"93866","refsource":"BID","url":"http://www.securityfocus.com/bid/93866"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2016-8582","datePublished":"2016-10-28T15:00:00.000Z","dateReserved":"2016-10-10T00:00:00.000Z","dateUpdated":"2024-08-06T02:27:40.910Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-10-28 15:59:06","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alienvault:open_source_security_information_and_event_management:*:*:*:*:*:*:*:*","versionEndIncluding":"5.3.1","matchCriteriaId":"54AB403B-AABE-4C0F-A2C6-3D2E6AA81763"},{"vulnerable":true,"criteria":"cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*","versionEndIncluding":"5.3.1","matchCriteriaId":"294E154B-AEE3-454A-919A-AB4006BC6A02"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"8582","Ordinal":"1","Title":"CVE-2016-8582","CVE":"CVE-2016-8582","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"8582","Ordinal":"1","NoteData":"A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.","Type":"Description","Title":"CVE-2016-8582"},{"CveYear":"2016","CveId":"8582","Ordinal":"2","NoteData":"2016-10-28","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"8582","Ordinal":"3","NoteData":"2017-09-02","Type":"Other","Title":"Modified"}]}}}