Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2018-19908
HistoryDec 06, 2018 - 4:00 p.m.

CVE-2018-19908

2018-12-0616:00:00
mitre
www.cve.org

8.9 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

Related

prion 1
osv 1
cve 1
zdt 1
exploitpack 1
nvd 1
packetstorm 1
exploitdb 1
prion
prion
Command injection
2018-12-06 16:29:00
osv
osv
CVE-2018-19908
2018-12-06 16:29:00
cve
cve
CVE-2018-19908
2018-12-06 16:29:00
zdt
zdt
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module Exploit
2019-02-18 00:00:00
exploitpack
exploitpack
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
2019-02-18 00:00:00
nvd
nvd
CVE-2018-19908
2018-12-06 16:29:00
packetstorm
packetstorm
MISP 2.4.97 SQL Injection / Command Injection
2019-02-18 00:00:00
exploitdb
exploitdb
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
2019-02-18 00:00:00

8.9 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON
Related for CVELIST:CVE-2018-19908
prion1osv1cve1zdt1exploitpack1nvd1packetstorm1exploitdb1