Date: 07.09.2023
Affected Vendor: CIRCL – Computer Incident Response Center Luxembourg
Affected Product: MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable Version: 2.4.175
Fixed Version: 2.4.176
CVE: CVE-2023-48656

Vulnerability Details:
MISP is vulnerable to blind SQL injection. The order named parameter in some areas of the application is injected into an SQL query without proper escaping.

Credits: Dawid Czarnecki

References:
- https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176
- https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f88
- https://cvepremium.circl.lu/cve/CVE-2023-48656
- https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074
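
Added example (not MISP code and not the fix from the referenced commit): the class of bug described under Vulnerability Details, shown in Python with sqlite3 as a vulnerable clause builder beside an allow-listed one. The table, column names and function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Hypothetical allow-list: request sort key -> column identifier the query may use.
SORTABLE = {"id": "id", "value": "value", "timestamp": "timestamp"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def unsafe_order_clause(order):
    # Vulnerable pattern: the request value becomes SQL text unchanged.
    return f"ORDER BY {order}"


def build_order_clause(order, direction="asc"):
    """Return an ORDER BY clause built only from allow-listed tokens.

    Identifiers in ORDER BY cannot be sent as bound parameters, so the
    request value is used only as a dictionary key, never as SQL text.
    """
    try:
        column = SORTABLE[order]
        keyword = DIRECTIONS[direction.lower()]
    except (KeyError, AttributeError, TypeError):
        raise ValueError("unsupported sort parameter") from None
    return f"ORDER BY {column} {keyword}"


def list_attributes(conn, order="id", direction="asc", limit=50):
    clause = build_order_clause(order, direction)
    # Values (here: limit) still go through placeholders.
    sql = f"SELECT id, value, timestamp FROM attributes {clause} LIMIT ?"
    return conn.execute(sql, (int(limit),)).fetchall()


def demo_db():
    """Constructed sample rows in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE attributes (id INTEGER PRIMARY KEY, value TEXT, timestamp INTEGER)"
    )
    conn.executemany(
        "INSERT INTO attributes VALUES (?, ?, ?)",
        [(1, "example.org", 300), (2, "198.51.100.7", 100), (3, "sample.bin", 200)],
    )
    return conn


if __name__ == "__main__":
    print(list_attributes(demo_db(), "timestamp", "desc"))
```

Rejecting unknown sort keys with an error, rather than silently falling back to a default, also makes probing of the parameter visible in application logs.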