1. Home
  2. CVE Database
  3. CVE-2018-1000042
CRITICAL · 9.8

CVE-2018-1000042

Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.p...

Vulnerability Description

Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SecurityonionSquert>= 1.1.1, <= 1.6.7

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2018-1000042?

CVE-2018-1000042 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.p...

How severe is CVE-2018-1000042?

CVE-2018-1000042 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1000042?

Check the references section above for vendor advisories and patch information. Affected products include: Securityonion Squert.