Логотип exploitDog
bind:CVE-2018-19908
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2018-19908

Количество 2

Количество 2

nvd логотип

CVE-2018-19908

больше 6 лет назад

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-2g5q-p9pf-crp5

больше 3 лет назад

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CVSS3: 8.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CVSS3: 8.8
44%
Средний
больше 6 лет назад
github логотип
GHSA-2g5q-p9pf-crp5

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

CVSS3: 8.8
44%
Средний
больше 3 лет назад

Уязвимостей на страницу