5 matches found
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link:...
MISP 2.4.97 SQL Injection / Command Injection
--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module Exploit
Exploit for php platform in category web applications --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99...
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...
CVE-2018-19908
Affected software: MISP 2.4.9x (pre-2.4.99). In the STIX 1 import path, the code in app/Model/Event.php uses an unescaped filename string to build a shell command. This enables an authenticated attacker to modify the STIX import filename to inject and execute arbitrary commands. Exploitation deta...