Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2018-19908
HistoryDec 06, 2018 - 4:29 p.m.

Command injection

2018-12-0616:29:00
PRIOn knowledge base
www.prio-n.com
2

8.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CPENameOperatorVersion
mispge2.4.90
misplt2.4.99

Related

osv 1
cve 1
zdt 1
exploitpack 1
nvd 1
cvelist 1
packetstorm 1
exploitdb 1
osv
osv
CVE-2018-19908
2018-12-06 16:29:00
cve
cve
CVE-2018-19908
2018-12-06 16:29:00
zdt
zdt
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module Exploit
2019-02-18 00:00:00
exploitpack
exploitpack
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
2019-02-18 00:00:00
nvd
nvd
CVE-2018-19908
2018-12-06 16:29:00
cvelist
cvelist
CVE-2018-19908
2018-12-06 16:00:00
packetstorm
packetstorm
MISP 2.4.97 SQL Injection / Command Injection
2019-02-18 00:00:00
exploitdb
exploitdb
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
2019-02-18 00:00:00

8.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON
Related for PRION:CVE-2018-19908
osv1cve1zdt1exploitpack1nvd1cvelist1packetstorm1exploitdb1