Full title: AlienVault 4.6.1 SQL Injection Vulnerability Category: web applications Platform: php AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required. # 0day.today @ http://0day.today/