CVE-2015-5721

Published: Sep 3, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.

Affected (1)

Products: Misp Project: Malware Information Sharing Platform

Misp Project

1 product

Malware Information Sharing Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Misp Project Malware Information Sharing Platform	Up to 2.3.89

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://www.securityfocus.com/bid/92739

Source: cve@mitre.org

https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56

Source: cve@mitre.org

Issue TrackingPatch

https://www.circl.lu/advisory/CVE-2015-5721/

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/92739

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://www.circl.lu/advisory/CVE-2015-5721/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.