CVE-2018-18763
published 2018-11-16CVE-2018-18763: SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
3.21%
86.6th percentile
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltos | saltos | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect SQL injection attempts against SaltOS by monitoring POST requests to index.php with the parameter combination action=ajax, query=numbers, page=usuarios, and a non-trivial action2 value containing SQL metacharacters or URL-encoded SQL payloads. ↗
- →Flag HTTP responses containing the header 'X-Powered-By: SaltOS v3.1 r8126' as running a vulnerable version of SaltOS. ↗
- →The exploit uses a User-Agent string 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0' — correlate this UA with suspicious POST requests to SaltOS index.php endpoints. ↗
- ·The exploit targets specifically SaltOS version 3.1 r8126; other versions in the 3.x branch may also be affected but are not confirmed by this PoC. ↗
- ·The PoC was tested on both Windows 7 x64 and Kali Linux x64 environments, indicating the vulnerability is platform-independent. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-11-16
Published