CVE-2018-18761 in SaltOS
Summary
by MITRE
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
Analysis
by VulDB Data Team • 08/03/2025
SaltOS 3.1 r8126 contains a critical SQL injection vulnerability that affects the authentication mechanism through the action=login parameter. The vulnerability occurs when user input is directly incorporated into SQL query strings without proper sanitization or parameterization, allowing malicious actors to inject arbitrary SQL commands. This flaw resides in the querystring parameter handling, where the user input is processed without adequate validation, creating a direct path for SQL injection attacks. The vulnerability is classified under CWE-89 (SQL injection) because it involves the execution of unauthorized SQL commands through user-controllable input fields.

Attackers can exploit this weakness to bypass authentication, extract sensitive data from the database, modify or delete records, and potentially gain full administrative control over the system. The impact extends beyond simple authentication bypass, as it can lead to complete system compromise and data exfiltration. This vulnerability aligns with attack technique T1190 exploitation for credential access within the MITRE ATT&CK framework, specifically targeting the credential access phase where adversaries seek to obtain unauthorized access to systems. The flaw demonstrates poor input validation practices and inadequate parameter binding mechanisms in the application's SQL query construction process.

Organizations using SaltOS 3.1 r8126 should immediately implement proper input sanitization, parameterized queries, and output encoding to prevent SQL injection attacks. The vulnerability represents a significant risk to system integrity and data confidentiality, warranting immediate remediation through patching or code modification to address the root cause of the insecure SQL query construction. Security teams should conduct comprehensive vulnerability assessments to identify similar injection points throughout the application and implement web application firewalls as additional protective measures.

The affected system configuration allows for remote code execution through SQL injection, making it a critical priority for immediate mitigation and system hardening.
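The parameterized-query remediation recommended above can be checked with a small regression test. This is an added example, not SaltOS code and not part of the original entry: it uses Python's sqlite3 as a stand-in database, and the `users` table, its columns, the function names and the sample inputs are all assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

def make_db():
    # Hypothetical schema and constructed row; SaltOS's real tables are not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)")
    db.execute("INSERT INTO users (login) VALUES ('admin')")
    return db

def user_param(query_string):
    # Extract the `user` value from a request such as action=login&querystring=&user=...
    return parse_qs(query_string, keep_blank_values=True).get("user", [""])[0]

def lookup_concatenated(db, query_string):
    # Flawed pattern: the value becomes part of the SQL text itself.
    sql = "SELECT id, login FROM users WHERE login = '" + user_param(query_string) + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, query_string):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT id, login FROM users WHERE login = ?"
    return db.execute(sql, (user_param(query_string),)).fetchall()

def compare(user_value):
    # Run both lookups on the same constructed login request.
    qs = urlencode({"action": "login", "querystring": "", "user": user_value})
    db = make_db()
    return lookup_concatenated(db, qs), lookup_parameterized(db, qs)

if __name__ == "__main__":
    for value in ("admin", "nobody' OR '1'='1"):  # constructed inputs
        print(repr(value), compare(value))
```

With the concatenated form, a quote in the `user` value changes the query's structure; with the bound form the same value is only ever compared against the `login` column.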