PT-2018-9229 · Security Onion Solutions · Squert

Jeffrey Medsger · Published 2018-02-09 · Updated 2018-03-01 · CVE-2018-1000042

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Security Onion Solutions Squert versions 1.3.0 through 1.6.7
Description: The issue is related to an OS Command Injection vulnerability in the .inc/callback.php file. This can result in the execution of OS commands. The attack is exploitable via a web request to .inc/callback.php with a payload in the data or obj parameters, used in the autocat() function.
Recommendations: For versions 1.3.0 through 1.6.7, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the .inc/callback.php file and avoiding the use of the data and obj parameters in the autocat() function until the update is applied.
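
A log-review heuristic for the request pattern described above, as an added example that is not part of the advisory or of Squert's code. It assumes the `data` and `obj` parameters arrive in the query string and are recorded in a combined-format web server access log; the `/squert/` path prefix and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of an Apache/nginx combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that can break a value out of a shell command argument.
SHELL_META = re.compile(r"[;&|`$(){}<>\\'\"\r\n]")
ENDPOINT = "/.inc/callback.php"    # file named in the advisory
WATCHED_PARAMS = ("data", "obj")   # parameters named in the advisory

def suspicious_params(log_line):
    """Return the watched parameters whose decoded value holds shell metacharacters."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(ENDPOINT):
        return []
    # parse_qs percent-decodes values, so encoded metacharacters are caught too.
    query = parse_qs(url.query, keep_blank_values=True)
    return [p for p in WATCHED_PARAMS
            if any(SHELL_META.search(v) for v in query.get(p, []))]

def scan(lines):
    """Return (line_number, [parameter names]) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        params = suspicious_params(line)
        if params:
            hits.append((n, params))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2018:10:00:01 +0000] "GET /squert/.inc/callback.php?data=3139322e30 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Feb/2018:10:00:02 +0000] "GET /squert/.inc/callback.php?data=abc%3Becho+test HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Feb/2018:10:00:03 +0000] "GET /squert/index.php?data=a%3Bb HTTP/1.1" 200 90',
    '203.0.113.5 - - [10/Feb/2018:10:00:04 +0000] "POST /squert/.inc/callback.php?obj=%60x%60 HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for line_no, params in scan(SAMPLE_LOG):
        print(f"line {line_no}: shell metacharacters in {', '.join(params)}")
```

Parameters sent in a POST body do not appear in access logs, so a clean result from this check does not rule out requests of that kind.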

Fix

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2018-1000042

Affected products

Squert