CVE-2023-48656:

0.0 CVSS

Description

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

Classification

CVE ID: CVE-2023-48656

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.13% (probability of being exploited)

EPSS Percentile: 48.7% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176
https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074
https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/

Timeline