PT-2018-9230 · Security Onion Solutions · Squert
Jeffrey Medsger · Published 2018-02-09 · Updated 2018-03-01
CVE-2018-1000043
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Security Onion Solutions Squert versions 1.0.1 through 1.6.7
Description:
The issue is related to an OS Command Injection vulnerability. It can be exploited via a web request to the "/inc/callback.php" endpoint with a payload in the txdata parameter, used in tx() or transcript(), or the catdata parameter, used in cat(). This can result in the execution of OS commands.
Recommendations:
For versions 1.0.1 through 1.6.7, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/inc/callback.php" endpoint and avoiding the use of the txdata and catdata parameters until the update is applied.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Squert
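
A defender-side check for the request pattern in the description, as an added example that is not part of the original advisory or of Squert: it scans web-server access-log lines for requests to /inc/callback.php whose txdata or catdata value contains shell metacharacters. The log format, the /squert/ path prefix, the metacharacter set and the sample lines are assumptions constructed for illustration; parameters sent in a POST body do not appear in access logs and need request-body logging instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names as given in the advisory.
ENDPOINT = "/inc/callback.php"
PARAMS = ("txdata", "catdata")

# Assumption: characters a shell treats specially. Tune against legitimate traffic.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Request field of a Common/Combined Log Format line: "METHOD URL PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return sorted names of txdata/catdata values carrying shell metacharacters."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(ENDPOINT):
        return []
    # parse_qs percent-decodes values, so encoded metacharacters are seen too.
    query = parse_qs(url.query, keep_blank_values=True)
    return sorted(
        name for name in PARAMS
        if any(SHELL_META.search(value) for value in query.get(name, []))
    )


def scan(lines):
    """Return (source address, flagged parameter names) for each suspicious line."""
    return [(line.split()[0], hits) for line in lines if (hits := suspicious_params(line))]


# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Feb/2018:10:00:00 +0000] "GET /squert/inc/callback.php?txdata=12345 HTTP/1.1" 200 512',
    '192.0.2.77 - - [09/Feb/2018:10:00:05 +0000] "GET /squert/inc/callback.php?catdata=x%3BPLACEHOLDER HTTP/1.1" 200 87',
    '192.0.2.77 - - [09/Feb/2018:10:00:09 +0000] "GET /squert/index.php?txdata=a%7Cb HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for source, hits in scan(SAMPLE_LOG):
        print(f"{source}: shell metacharacters in {', '.join(hits)}")
```
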