2 matches found
CVE-2026-54394
The CVE-2026-54394 entry describes a path traversal vulnerability in MISP's OrganisationsController::getOrgLogo. The vulnerable code constructs paths to organisation logos using fields like id, name, and uuid without enforcing that the resolved path stays under APP/files/img/orgs/. An attacker ab...
PT-2026-48996
Name of the Vulnerable Software and Affected Versions: MISP (affected versions not specified)
Description: A path traversal issue exists in the getOrgLogo function of the OrganisationsController. The software constructs file paths for organization logos using fields controlled by the organization, su...