CVE-2018-19908

HIGH

MISP 2.4.90-2.4.98 - Authenticated OS Command Injection via STIX Import Filename

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19908. PoCs published by Tm9jdGlz.

AI-analyzed exploit summary This exploit leverages command injection in the STIX module of MISP to execute arbitrary SQL commands by crafting a malicious filename. It extracts database credentials from the configuration file and executes a MySQL query to elevate user privileges.

Description

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

Exploits (1)

exploitdb WORKING POC
by Tm9jdGlz · pythonwebappsphp
https://www.exploit-db.com/exploits/46401

This exploit leverages command injection in the STIX module of MISP to execute arbitrary SQL commands by crafting a malicious filename. It extracts database credentials from the configuration file and executes a MySQL query to elevate user privileges.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MISP 2.4.90 - 2.4.99
No auth needed
Prerequisites: Access to the STIX module upload functionality
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/MISP/MISP/releases/tag/v2.4.99
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46401/

Scores

CVSS v3 8.8
EPSS 0.1716
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
misp/misp 2.4.90 - 2.4.99
Published Dec 06, 2018
Tracked Since Feb 18, 2026