CVE-2023-48656 in MISPinfo

Summary

by MITRE • 11/17/2023

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 06/23/2026

The vulnerability identified in MISP versions prior to 2.4.176 represents a critical flaw in the application's database query handling mechanism within the AppModel.php file. This issue specifically affects how the system processes ORDER BY clauses in database queries, creating potential security implications that could be exploited by malicious actors. The flaw resides in the application model layer where input validation and query construction occur, making it a significant concern for systems relying on proper data sorting and retrieval mechanisms.

The technical implementation of this vulnerability stems from inadequate sanitization and validation of ORDER BY parameters within the database abstraction layer. When MISP processes user-supplied or dynamically generated order clauses, the system fails to properly validate or escape these components before incorporating them into SQL queries. This creates a scenario where an attacker could manipulate sorting parameters to influence query execution, potentially leading to information disclosure, denial of service conditions, or even unauthorized data access patterns. The vulnerability is classified under CWE-94 as an "Improper Control of Generation of Code" and aligns with ATT&CK technique T1059.008 for "Command and Scripting Interpreter: PowerShell" in contexts where query manipulation could be leveraged through command injection vectors.

The operational impact of this vulnerability extends beyond simple data ordering issues, as it could enable attackers to perform unauthorized data enumeration by manipulating sort parameters to reveal information about the underlying database structure or content. Systems utilizing MISP for threat intelligence sharing, incident response, or security operations would be particularly at risk since these platforms often handle sensitive security data and require robust query isolation. The flaw could potentially allow an attacker to infer database schema details through crafted ORDER BY clauses, leading to more sophisticated attacks against the overall system architecture.

Organizations should prioritize immediate patching of MISP installations to version 2.4.176 or later, which includes proper input validation and sanitization for ORDER BY clause handling. Additionally, implementing network-level restrictions on database access, employing proper parameterized queries throughout the application, and conducting regular security assessments of database interfaces can help mitigate potential exploitation attempts. The vulnerability also underscores the importance of validating all user inputs at multiple layers within web applications, particularly when dealing with dynamic query generation components that form part of the core application logic and data retrieval mechanisms.

Reservation

11/17/2023

Disclosure

11/17/2023

Moderation

accepted

CPE

ready

EPSS

0.00907

KEV

no

Activities

low

Sources

Do you need the next level of professionalism?

Upgrade your account now!