CVE-2015-5721

critical

Published 2016-09-03 · Modified 2026-05-06

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

VIR risk

9.8

Description

Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
misp-project	malware_information_sharing_platform	`{"endIncluding":"2.3.89"}`

References

http://www.securityfocus.com/bid/92739
https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56
https://www.circl.lu/advisory/CVE-2015-5721/
http://www.securityfocus.com/bid/92739
https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56
https://www.circl.lu/advisory/CVE-2015-5721/

CWEs

CWE-94

💬 Discuss CVE-2015-5721 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.