An issue was discovered in MISP ... CVE-2018-19908

9.0 AV AC AU C I A
发布: 2018-12-06
修订: 2019-03-18

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.