9.8
CVE-2024-29858
- EPSS 0.38%
- Published 21.03.2024 04:15:09
- Last modified 22.06.2026 19:23:18
- Source cve@mitre.org
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
Data provided by the National Vulnerability Database (NVD)
Misp-project ≫ Misp Version < 2.4.187
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.297 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-616 Incomplete Identification of Uploaded File Variables (PHP)
The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.
https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111