CVE-2018-6926
on github
Published
Severity
CVSS v3:
7.2 HIGH
CVSS v2:
9 HIGH
Description
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:misp:misp:2.4.87:*:*:*:*:*:*:* | n/a | n/a | 2.4.87 |