CVE-2018-6926

CVE: CVE-2018-6926
Published: 2018-02-12T17:29Z
Description Language: en
Description: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
References:
https://github.com/MISP/MISP/commit/0a2aa9d52492d960b9a161160acedbe9caaa4126