CVE-2021-39302

Name of the Vulnerable Software and Affected Versions MISP version 2.4.148

Description The issue allows SQL injection via the app/Model/Log.php $conditions['org'] value in certain configurations.

Recommendations For MISP version 2.4.148, consider restricting access to the app/Model/Log.php file until a patch is available. As a temporary workaround, avoid using the $conditions['org'] value in the affected configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.