CVE-2019-12868

Published: Jun 17, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/MISP/MISP/commit/c42c5fe92783dd306b7600db1f6a25324445b40c

https://zigrin.com/advisories/misp-command-injection-via-phar-deserialization/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-12868

Description

Affected Products

References