CVE-2018-6926
12.02.2018, 17:29
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
| Vendor | Product | Version |
|---|---|---|
| misp | misp | 2.4.87 |
𝑥
= Vulnerable software versions