CVE-2023-48658

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.4.176

Description An issue was discovered in the app/Model/AppModel.php file, where it lacks a checkParam function for characters such as alphanumerics, underscore, dash, period, and space.

Recommendations For versions prior to 2.4.176, update to version 2.4.176 or later to resolve the issue. As a temporary workaround, consider restricting input to the AppModel to minimize the risk of exploitation.