An issue was discovered in MISP ... CVE-2018-19908

- AV AC AU C I A
发布: 2018-12-06
修订: 2018-12-11

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

0%
暂无可用Exp或PoC
产品及版本信息(CPE)暂不可用