cbcvebase.
CVE-2018-18763
published 2018-11-16

CVE-2018-18763: SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.

PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
3.21%
86.6th percentile
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.

Affected

1 ranges
VendorProductVersion rangeFixed in
saltossaltos

Detection & IOCsextracted from sources · hover to see the quote

urlPOST /[PATH]/index.php?action=ajax&query=numbers&page=usuarios&action2=[SQL]
urlhttps://excellmedia.dl.sourceforge.net/project/saltos/stable/SaltOS-3.1-8126.linux-i686.tgz
versionSaltOS v3.1 r8126
  • Detect SQL injection attempts against SaltOS by monitoring POST requests to index.php with the parameter combination action=ajax, query=numbers, page=usuarios, and a non-trivial action2 value containing SQL metacharacters or URL-encoded SQL payloads.
  • Flag HTTP responses containing the header 'X-Powered-By: SaltOS v3.1 r8126' as running a vulnerable version of SaltOS.
  • The exploit uses a User-Agent string 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0' — correlate this UA with suspicious POST requests to SaltOS index.php endpoints.
  • ·The exploit targets specifically SaltOS version 3.1 r8126; other versions in the 3.x branch may also be affected but are not confirmed by this PoC.
  • ·The PoC was tested on both Windows 7 x64 and Kali Linux x64 environments, indicating the vulnerability is platform-independent.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.