PT-2023-30879 · Misp · Misp
Dawid Czarnecki
·
Published
2023-11-17
·
Updated
2024-01-10
·
CVE-2023-48658
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MISP versions prior to 2.4.176
Description
An issue was discovered in the app/Model/AppModel.php file, where it lacks a checkParam function for characters such as alphanumerics, underscore, dash, period, and space.
Recommendations
For versions prior to 2.4.176, update to version 2.4.176 or later to resolve the issue. As a temporary workaround, consider restricting input to the AppModel to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Misp