Missing checkParam function for alphanumeric characters, underscore, dash, period, and space in MISP before 2.4.176

Missing checkParam function for alphanumeric characters, underscore, dash, period, and space in MISP before 2.4.176

CVE-2023-48658 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

Learn more about our Web Application Penetration Testing UK.