First published: Fri Nov 17 2023(Updated: )
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
|Affected Software||Affected Version||How to fix|
|Misp-project Malware Information Sharing Platform||<2.4.176|
CVE-2023-48658 is an issue discovered in MISP before version 2.4.176 where the app/Model/AppModel.php file lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
CVE-2023-48658 has a severity level of critical with a CVSS score of 9.8.
CVE-2023-48658 affects versions of MISP up to, but not including, version 2.4.176.
To fix the vulnerability in MISP, please update to version 2.4.176 or later.
You can find more information about CVE-2023-48658 in the references provided: [GitHub Comparison](https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176), [GitHub Commit](https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d).