Vulnerabilities > Misp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-18 | CVE-2019-12868 | Deserialization of Untrusted Data vulnerability in Misp 2.4.109: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | 7.2 |
2018-12-06 | CVE-2018-19908 | OS Command Injection vulnerability in Misp: An issue was discovered in MISP 2.4.9x before 2.4.99. | 8.8 |
2018-02-12 | CVE-2018-6926 | OS Command Injection vulnerability in Misp 2.4.87: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | 7.2 |