Remote Command Execution in MISP 2.4.109 via Super Administrator Privileges
CVE-2019-12868 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
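A defensive sketch of the pattern described above, as an added example that is not MISP's code or its actual fix: a wrapper that refuses any stream-wrapper scheme before file_exists is called on user-supplied input. The function name and the sample paths are hypothetical, and the check assumes POSIX absolute paths.

```php
<?php
// Added example, not MISP code. safe_path_exists() is a hypothetical helper.

/**
 * Return true only if $path is a plain, absolute, local filesystem path
 * that exists. Input carrying a stream-wrapper scheme (phar://, php://,
 * http://, ...) is rejected before any filesystem function touches it,
 * so file_exists() never hands the value to the phar wrapper.
 */
function safe_path_exists(string $path): bool
{
    // Reject empty input and embedded NUL bytes outright.
    if ($path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    // A leading "scheme:" means PHP would route the call through a
    // stream wrapper instead of the local filesystem.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $path) === 1) {
        return false;
    }
    // Assumption: configured paths are absolute POSIX paths.
    if ($path[0] !== '/') {
        return false;
    }
    // realpath() does not use stream wrappers; it resolves symlinks and
    // ".." segments and returns false when the target does not exist.
    $real = realpath($path);
    return $real !== false && file_exists($real);
}

// Constructed sample inputs for illustration only.
$samples = [
    __FILE__,                      // an existing local file
    'phar:///tmp/upload.jpg/x',    // phar wrapper, lowercase scheme
    'PHAR:///tmp/upload.jpg/x',    // scheme matching is case-insensitive
    'relative/path/to/binary',     // not absolute
];

foreach ($samples as $sample) {
    printf("%-32s %s\n", $sample, safe_path_exists($sample) ? 'accepted' : 'rejected');
}
```

Where the application never needs phar archives, calling stream_wrapper_unregister('phar') at startup removes the wrapper entirely as a second layer.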