
Raphael Lob

Researcher from Synacktiv
#13561 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2024-23086
9.8
2024-03-21
Misp · Misp · CVE-2024-29858
**Name of the Vulnerable Software and Affected Versions**
MISP versions prior to 2.4.187

**Description**
The issue concerns a weak security check in the `uploadLogo` function within the `OrganisationsController.php` file. This function does not properly validate logo uploads.

**Recommendations**
For versions prior to 2.4.187, update to version 2.4.187 or later to resolve the issue. As a temporary workaround, consider disabling the `uploadLogo` function in `OrganisationsController.php` until a patch is available. Restrict access to the logo upload feature to minimize the risk of exploitation.
PT-2024-23087
9.8
2024-03-21
Misp · Misp · CVE-2024-29859
**Name of the Vulnerable Software and Affected Versions**
MISP versions prior to 2.4.187

**Description**
The issue arises from the `add_misp_export` function in `app/Controller/EventsController.php` not properly checking for a valid file upload. This could potentially lead to security weaknesses.

**Recommendations**
For versions prior to 2.4.187, update to version 2.4.187 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities until the update can be applied.