ID CVE-2019-12868
Summary app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
References
Vulnerable Configurations
  • MISP 2.4.109
    cpe:2.3:a:misp:misp:2.4.109
CVSS
Base: 6.5
Impact:
Exploitability:
CWE CWE-502
CAPEC
Last major update 17-06-2019 - 20:15
Published 17-06-2019 - 20:15
Last modified 18-06-2019 - 16:12
Back to Top