Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MISP Security Vulnerability
Vulnerability Description
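MISP is an open-source software solution for collecting, storing, distributing and sharing cyber security indicators and threats related to cyber security incident analysis and malware analysis. A security vulnerability exists in MISP 2.4.9x versions before 2.4.99. The vulnerability stems from the app/Model/Event.php file (the STIX 1 import code) building a shell command from an unescaped filename string. An attacker can exploit this vulnerability to execute arbitrary commands by modifying the original filename.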
CVSS Information
N/A
Vulnerability Type
N/A