VYPR
High severity 7.2 · OSV Advisory · Published Feb 12, 2018 · Updated Jun 22, 2026

CVE-2018-6926

Description

In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited because the setting is accessible only to the site administrator.

Affected products

2
  • Misp/Misp · OSV · 2 versions
    v0.2, v2.3.0, v2.4.0, …+ 1 more
    • (no CPE)range: v0.2, v2.3.0, v2.4.0, …
    • (no CPE)range: <=2.4.87
