MISP – Command injection via phar:// deserialization
CIRCL – Computer Incident Response Center Luxembourg
Update to MISP version 2.4.110
There is a command execution vulnerability in MISP due to the deserialization of phar files by functions like file_exists or fopen.
It’s only exploitable with admin privileges.
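One way to guard a filesystem call against this class of bug, as an added example that is not MISP's code or the fix shipped in 2.4.110: reject any user-influenced path that names a stream wrapper before it reaches file_exists or fopen, and unregister the phar wrapper where the application does not need it. The function names and sample paths are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not MISP code. Function names and sample paths are hypothetical.

/**
 * True if $path names a PHP stream wrapper (phar://, compress.zlib://, php://, data:, ...).
 * The character class covers the characters PHP accepts in a wrapper name.
 */
function has_stream_wrapper(string $path): bool
{
    return preg_match('#^[a-z0-9+.\-]+://#i', $path) === 1
        || strncasecmp($path, 'data:', 5) === 0;
}

/**
 * Resolve a user-supplied relative path under $baseDir, or return null.
 * The wrapper check runs BEFORE any filesystem function sees the string.
 */
function resolve_upload_path(string $userPath, string $baseDir): ?string
{
    if (strpos($userPath, "\0") !== false || has_stream_wrapper($userPath)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $full === false) {
        return null; // base directory or target does not exist
    }
    // Refuse anything that resolves outside the base directory (../ or symlinks).
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Defence in depth: drop the phar wrapper if the application never reads phar archives.
if (in_array('phar', stream_get_wrappers(), true)) {
    stream_wrapper_unregister('phar');
}

// Constructed sample inputs.
$samples = ['report.json', 'phar://upload.dat/x', 'PHAR://upload.dat',
            'compress.zlib://phar://a', '../../etc/passwd'];
foreach ($samples as $p) {
    printf("%-28s wrapper=%s\n", $p, has_stream_wrapper($p) ? 'yes' : 'no');
}
```

PHP 8.0 and later no longer unserialize phar metadata automatically on filesystem calls, so the wrapper check matters most on PHP 7 deployments.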