5 matches found
CVE-2018-19908
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...
CVE-2018-19908
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...
Command injection
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...
CVE-2018-19908
Affected software: MISP 2.4.9x (pre-2.4.99). In the STIX 1 import path, the code in app/Model/Event.php uses an unescaped filename string to build a shell command. This enables an authenticated attacker to modify the STIX import filename to inject and execute arbitrary commands. Exploitation deta...
CVE-2018-19908
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...