CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13597

_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.504

EPSS Ranking 97.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://pentest.com.tr/exploits/Sahi-Pro-v8-x-Unauthenticated-RCE-Exploit-Python.html
https://www.exploit-db.com/exploits/47110
https://pentest.com.tr/exploits/Sahi-Pro-v8-x-Unauthenticated-RCE-Exploit-Python.html
https://www.exploit-db.com/exploits/47110

Products affected by CVE-2019-13597

Sahipro » Sahi Pro » Version: 8.0.0

cpe:2.3:a:sahipro:sahi_pro:8.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13597

Products

Pricing

Contact Us