CVE-2015-5721

NONE EPSS 83.5%
Published Sep 3, 20169y ago · Modified Jun 23, 20261w ago
Find Similar
Published Sep 3, 2016 9y ago
Last Modified Jun 23, 2026 1w ago

Description

Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.

Threat Intelligence

EPSS Exploit Probability
83.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
misp-projectmisp* ≤2.3.89

References 3

  • securityfocus.com http://www.securityfocus.com/bid/92739
  • github.com https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56
    Issue TrackingPatch
  • circl.lu https://www.circl.lu/advisory/CVE-2015-5721/
    Third Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56
    Issue TrackingPatch