CVE-2015-5719 - app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92

CVE-2015-5719

Summary

app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.

References

Vulnerable Configurations

cpe:2.3:a:misp-project:malware_information_sharing_platform:0.1:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:0.1:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:0.2:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:0.2:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.1:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.1:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.17:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.17:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.18:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.18:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.19:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.19:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.21:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.21:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.22:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.22:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.23:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.23:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.24:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.24:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.25:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.25:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.26:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.26:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.27:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.27:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.28:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.28:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.29:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.29:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.30:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.30:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.31:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.31:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.32:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.32:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.33:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.33:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.34:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.34:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.35:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.35:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.36:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.36:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.37:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.37:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.38:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.38:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.39:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.39:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.40:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.40:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.41:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.41:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.42:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.42:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.43:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.43:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.44:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.44:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.45:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.45:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.46:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.46:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.47:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.47:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.48:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.48:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.49:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.49:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.50:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.50:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.51:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.51:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.52:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.52:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.53:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.53:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.54:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.54:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.55:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.55:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.56:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.56:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.57:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.57:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.58:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.58:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.59:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.59:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.60:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.60:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.61:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.61:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.62:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.62:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.63:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.63:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.64:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.64:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.65:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.65:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.66:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.66:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.67:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.67:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.68:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.68:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.69:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.69:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.70:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.70:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.71:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.71:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.72:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.72:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.73:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.73:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.74:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.74:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.75:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.75:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.76:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.76:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.77:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.77:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.78:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.78:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.79:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.79:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.80:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.80:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.81:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.81:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.82:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.82:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.83:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.83:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.84:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.84:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.85:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.85:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.87:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.87:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.88:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.88:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.89:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.89:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.90:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.90:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.91:*:*:*:*:*:*:*
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.91:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 28-11-2016 - 19:35)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	92740
confirm	https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699 https://www.circl.lu/advisory/CVE-2015-5719/

Last major update

28-11-2016 - 19:35

Published

03-09-2016 - 20:59

Last modified

28-11-2016 - 19:35