VYPR
Critical severity9.8OSV Advisory· Published Jun 22, 2018· Updated Jun 22, 2026

CVE-2018-12649

CVE-2018-12649

Description

An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Misp/MispOSV2 versions
    v0.2, v2.3.0, v2.4.0, …+ 1 more
    • (no CPE)range: v0.2, v2.3.0, v2.4.0, …
    • (no CPE)range: <=2.4.92

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.