GHSA-w7p3-5r7j-j9pc: app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site...

November 28, 2025 • Source: GitHub Global Advisories

MISP before 2.5.27 has a path traversal vulnerability in app/Model/EventReport.php that allows site-admins to view pictures outside intended directories.

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.

This article is best viewed with JavaScript enabled. Visit: https://10alert.com/article/ghsa-w7p3-5r7j-j9pc-appmodeleventreportphp-in-misp-before-2527-allows-pa-4cace5fe