Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

DATE

07.09.2023

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.175

Fixed version

2.4.176

Recommendations

Upgrade to the recent MISP version

Vulnerability details

MISP is vulnerable to blind SQL injection.

The order named parameter in some areas of the application is injected into an SQL query without a proper escape. This vulnerability allows to extract various information from the database including password hashes, API keys, and other.

The exploitation of this vulnerability can be detected by examining the /var/www/MISP/app/tmp/logs/error.log file. The following grep command can be used to look for exploitations that use sqlmap:

grep -E '[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2} Error: \[PDOException\] SQLSTATE\[21000\]: Cardinality violation: 1242 Subquery returns more than 1 row' /var/www/MISP/app/tmp/logs/error.log

CVE

CVE-2023-48656

Credits

Dawid Czarnecki

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?