CVE-2015-5719
NVD: app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
9.8 Severity
CRITICAL EPSS
0.0227 (81) KEV
-
Source-published summary
NVD: app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
Possible impact
This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.
Affected context
vendor/product: misp-project / misp
Remediation / advisory
Remediation reference present; patch status requires confirmation in the linked advisory.
Why it matters
This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.; CVSS 9.8 (CRITICAL); EPSS percentile 81; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD.
What to verify
Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.
Exposure hint
exposure unknown
Impact tags
Urgency reasons
Source-derived note
Summary derived from NVD description; unsafe procedural detail is not shown.
Redaction metadata
- source summary used
- True
- fallback summary used
- False
- unsafe procedural detail present
- false
- raw source displayed
- false
- public summary redacted
- true
Remediation handoff
Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.
Safety note
This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.