PT-2018-9229 · Security Onion Solutions · Squert

Jeffrey Medsger · Published 2018-02-09 · Updated 2018-03-01 · CVE-2018-1000042

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Security Onion Solutions Squert versions 1.3.0 through 1.6.7
Description: The issue is an OS Command Injection vulnerability in the .inc/callback.php file that can result in the execution of OS commands. The attack is exploitable via a web request to .inc/callback.php with a payload in the data or obj parameters, which are used in the autocat() function.
Recommendations: For versions 1.3.0 through 1.6.7, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the .inc/callback.php file and avoiding the use of the data and obj parameters in the autocat() function until the update is applied.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2018-1000042

Affected Products

Squert