CVE-2015-5721
NONE EPSS 83.5%
Published Sep 3, 20169y ago · Modified Jun 23, 20261w ago
Published Sep 3, 2016 9y ago
Last Modified Jun 23, 2026 1w ago
Description
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
Threat Intelligence
EPSS Exploit Probability
83.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-94 Improper Control of Generation of Code (Code Injection) Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| misp-project | misp | * | ≤2.3.89 |
References 3
- securityfocus.com http://www.securityfocus.com/bid/92739
- github.com https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56
- circl.lu https://www.circl.lu/advisory/CVE-2015-5721/
Remediation
- github.com https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56