3 matches found
CVE-2019-12868
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP fileexists function is used with user-controlled entries, and phar:// URLs trigger deserialization...
CVE-2019-12868
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP fileexists function is used with user-controlled entries, and phar:// URLs trigger deserialization...
CVE-2019-12868
CVE-2019-12868 (MISP 2.4.109) is a remote command execution vulnerability in the PHP component at app/Model/Server.php . The root cause is the use of PHP’s file_exists with user-controlled entries combined with phar:// URLs, which can trigger deserialization and allow a super administrator to exe...