3 matches found
CVE-2018-1000043
Security Onion Solutions Squert versions 1.0.1–1.6.7 are affected by CVE-2018-1000043, a CWE-78 OS Command Injection in .inc/callback.php. An attacker can exploit this via an HTTP request containing a payload in the txdata parameter (used in tx()/transcript()) or the catdata parameter (used in ca...
CVE-2018-1000042
CVE-2018-1000042 affects Security Onion Solutions Squert versions 1.3.0 through 1.6.7. The vulnerability is CWE-78 (OS Command Injection) in the .inc/callback.php file, allowing execution of OS commands when a web request with payloads in the data or obj parameters is processed by autocat(). The ...
CVE-2018-1000044
Security Onion Solutions Squert versions 1.1.1–1.6.7 contain a SQL injection in .inc/callback.php that can lead to execution of SQL commands via a web request with the payload in the sensors parameter (via ec()). The issue is fixed in version 1.7.0. Affected product: Squert; vulnerable component:...