CRITICALpublic-safe

CVE-2015-5721

NVD: Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.

CVSS
9.8 Severity
CRITICAL EPSS
0.0261 (83) KEV
-

Source-published summary

Possible impact

Source describes remote exposure. Possible impact: This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.

Affected context

vendor/product: misp-project / misp

Remediation / advisory

Remediation reference present; patch status requires confirmation in the linked advisory.

Why it matters

Source describes remote exposure. Possible impact: This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.; CVSS 9.8 (CRITICAL); EPSS percentile 83; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD.

What to verify

Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.

Exposure hint

remote exposure

Impact tags

remote exposure relevant

Urgency reasons

CVSS CRITICALaffected product presentvendor advisory presentrecent updateremediation reference present

Source-derived note

Summary derived from NVD description; unsafe procedural detail is not shown.

Redaction metadata

source summary used: True
fallback summary used: False
unsafe procedural detail present: false
raw source displayed: false
public summary redacted: true

Remediation handoff

Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.

Handoff JSON Handoff Markdown Safe Codex prompt

Safety note

This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.