Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2018-19908
HistoryDec 06, 2018 - 4:29 p.m.

CVE-2018-19908

2018-12-0616:29:00
Google
osv.dev
1

7.4 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CPENameOperatorVersion
mispeq2.3.71
mispeq2.4.40
mispeq2.3.158
mispeq2.3.99
mispeq2.3.68
mispeq2.3.145
mispeq2.3.15
mispeq2.3.45
mispeq2.3.39
mispeq2.4.71
Rows per page:
1-10 of 2621

Related

prion 1
cvelist 1
exploitpack 1
cve 1
zdt 1
packetstorm 1
nvd 1
exploitdb 1
prion
prion
Command injection
2018-12-06 16:29:00
cvelist
cvelist
CVE-2018-19908
2018-12-06 16:00:00
exploitpack
exploitpack
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
2019-02-18 00:00:00
cve
cve
CVE-2018-19908
2018-12-06 16:29:00
zdt
zdt
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module Exploit
2019-02-18 00:00:00
packetstorm
packetstorm
MISP 2.4.97 SQL Injection / Command Injection
2019-02-18 00:00:00
nvd
nvd
CVE-2018-19908
2018-12-06 16:29:00
exploitdb
exploitdb
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
2019-02-18 00:00:00

7.4 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON
Related for OSV:CVE-2018-19908
prion1cvelist1exploitpack1cve1zdt1packetstorm1nvd1exploitdb1