Vulnerability Details CVE-2018-1000044
Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-1000044
-
cpe:2.3:a:securityonion:squert:1.1.1
-
cpe:2.3:a:securityonion:squert:1.1.2
-
cpe:2.3:a:securityonion:squert:1.1.3
-
cpe:2.3:a:securityonion:squert:1.1.4
-
cpe:2.3:a:securityonion:squert:1.1.5
-
cpe:2.3:a:securityonion:squert:1.1.6
-
cpe:2.3:a:securityonion:squert:1.1.7
-
cpe:2.3:a:securityonion:squert:1.1.8
-
cpe:2.3:a:securityonion:squert:1.1.9
-
cpe:2.3:a:securityonion:squert:1.2.0
-
cpe:2.3:a:securityonion:squert:1.3.0
-
cpe:2.3:a:securityonion:squert:1.4.0
-
cpe:2.3:a:securityonion:squert:1.5.0
-
cpe:2.3:a:securityonion:squert:1.6.7