PT-2018-9231 · Security Onion Solutions · Squert
Jeffrey Medsger · Published 2018-02-09 · Updated 2018-02-28 · CVE-2018-1000044
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Security Onion Solutions Squert versions 1.1.1 through 1.6.7
Description:
The issue is a SQL injection vulnerability in the .inc/callback.php file. It can be exploited via a web request to the .inc/callback.php endpoint with a malicious payload in the sensors parameter, which is used in the ec() function. This allows for the execution of SQL commands.
Recommendations:
For versions 1.1.1 through 1.6.7, update to version 1.7.0 to resolve the issue.
Fix
SQL injection
Affected Products
Squert