Incorrect validation of temporary filenames
A bug in MISP Malware Information Sharing Platform introduces a potential PHP Object injection vulnerability from a user input.
Fixes
MISP versions below 2.3.90 are vulnerable. This vulnerability is fixed in version 2.3.90.
CVE
CVE-2015-5721
Acknowledgement
CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.
Classification of this document
TLP:CLEAR information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 - TLP:CLEAR - First version (20150804)