exploitDog

GHSA-p73m-v6fq-jvc8

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.

Ссылки

EPSS

Процентиль: 83%

0.0196

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2019-12868

CVSS3: 7.2

nvd

больше 6 лет назад

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.

EPSS

Процентиль: 83%

0.0196

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-502