5 matches found

OSV
added 2018/12/06 4:29 p.m., 18 views

CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...

CVSS: 8.8, AI score: 7.4
Exploits: 0, References: 3

Prion
added 2018/12/06 4:29 p.m., 16 views

Command injection

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...

CVSS: 9, AI score: 8.8, EPSS: 0.1716
Exploits: 5, References: 3, Affected Software: 1

NVD
added 2018/12/06 4:29 p.m., 26 views

CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...

CVSS: 9, AI score: 8.9, EPSS: 0.1716
Exploits: 5, References: 3

Cvelist
added 2018/12/06 4:0 p.m., 31 views

CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...

AI score: 8.9, EPSS: 0.1716
Exploits: 5, References: 3

CVE
added 2018/12/06 4:0 p.m., 72 views

CVE-2018-19908

Affected software: MISP 2.4.9x (pre-2.4.99). In the STIX 1 import path, the code in app/Model/Event.php uses an unescaped filename string to build a shell command. This enables an authenticated attacker to modify the STIX import filename to inject and execute arbitrary commands. Exploitation deta...

CVSS: 9, AI score: 8.8, EPSS: 0.1716
Exploits: 5, References: 3, Affected Software: 1