Security Advisory

CVE-2018-19908

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2018-12-06 16:00:00
Last updated: 2024-08-05 11:51:17
Assigner: mitre
State: PUBLISHED

Description

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
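
The bug class described above, shown as an added example rather than MISP's own code: a command string built from a client-supplied filename, beside a hardened builder that never lets that filename reach the shell. The function names, script path and sample filename are hypothetical, and the commands are only built and printed, never executed.

```php
<?php
// Added illustration, not MISP source. Function names, the script path and
// the sample filename are hypothetical / constructed.

// Vulnerable pattern: the client-supplied original filename is concatenated
// straight into a shell command string.
function build_cmd_unsafe(string $script, string $originalName): string
{
    return 'python3 ' . $script . ' ' . $originalName;
}

// Hardening step 1: store the upload under a server-generated name so the
// client-controlled filename never reaches the command line.
function stored_name(): string
{
    return bin2hex(random_bytes(16)) . '.xml';
}

// Hardening step 2: allow-list the stored name and quote every argument.
function build_cmd_safe(string $script, string $storedName): string
{
    if (!preg_match('/\A[a-f0-9]{32}\.xml\z/', $storedName)) {
        throw new InvalidArgumentException('unexpected stored filename');
    }
    return 'python3 ' . escapeshellarg($script) . ' ' . escapeshellarg($storedName);
}

$script   = '/opt/example/stix_import.py';   // constructed path
$uploaded = 'report.xml; echo INJECTED';      // constructed hostile filename

// Unsafe: a shell would parse the ';' as a command separator.
echo build_cmd_unsafe($script, $uploaded), PHP_EOL;

// Safe: only the random server-side name appears, single-quoted.
echo build_cmd_safe($script, stored_name()), PHP_EOL;

// Passing the client filename to the safe builder is rejected outright.
try {
    build_cmd_safe($script, $uploaded);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```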