Lucene search
K

5 matches found

exploitpack
exploitpack
added 2019/02/18 12:0 a.m.25 views

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link:...

9CVSS1.2AI score0.1716EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/02/18 12:0 a.m.41 views

MISP 2.4.97 SQL Injection / Command Injection

--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...

9CVSS8.8AI score0.1716EPSS
Exploits5
0day.today
0day.today
added 2019/02/18 12:0 a.m.56 views

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module Exploit

Exploit for php platform in category web applications --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99...

9CVSS0.4AI score0.1716EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/02/18 12:0 a.m.53 views

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module

--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...

9CVSS9AI score0.1716EPSS
Exploits5
CVE
CVE
added 2018/12/06 4:0 p.m.72 views

CVE-2018-19908

Affected software: MISP 2.4.9x (pre-2.4.99). In the STIX 1 import path, the code in app/Model/Event.php uses an unescaped filename string to build a shell command. This enables an authenticated attacker to modify the STIX import filename to inject and execute arbitrary commands. Exploitation deta...

9CVSS8.8AI score0.1716EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder