Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.172
EPSS Ranking 96.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2018-19908


Contact Us

Shodan ® - All rights reserved