Andras Iklody

CVE-2023-48658 WRITEUP CRITICAL WRITEUP

MISP < 2.4.176 - SQL Injection via Missing Parameter Validation in AppModel

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

CVSS 9.8

View Code