CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15102

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.045

EPSS Ranking 88.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2019-15102

Sahipro » Sahi Pro » Version: 6.0.0

cpe:2.3:a:sahipro:sahi_pro:6.0.0
Sahipro » Sahi Pro » Version: 6.0.1

cpe:2.3:a:sahipro:sahi_pro:6.0.1
Sahipro » Sahi Pro » Version: 6.1.0

cpe:2.3:a:sahipro:sahi_pro:6.1.0
Sahipro » Sahi Pro » Version: 6.2.0

cpe:2.3:a:sahipro:sahi_pro:6.2.0
Sahipro » Sahi Pro » Version: 6.2.1

cpe:2.3:a:sahipro:sahi_pro:6.2.1
Sahipro » Sahi Pro » Version: 6.3.0

cpe:2.3:a:sahipro:sahi_pro:6.3.0
Sahipro » Sahi Pro » Version: 6.3.1

cpe:2.3:a:sahipro:sahi_pro:6.3.1
Sahipro » Sahi Pro » Version: 6.3.2

cpe:2.3:a:sahipro:sahi_pro:6.3.2
Sahipro » Sahi Pro » Version: 7.0.0

cpe:2.3:a:sahipro:sahi_pro:7.0.0
Sahipro » Sahi Pro » Version: 7.0.1

cpe:2.3:a:sahipro:sahi_pro:7.0.1
Sahipro » Sahi Pro » Version: 7.5.0

cpe:2.3:a:sahipro:sahi_pro:7.5.0
Sahipro » Sahi Pro » Version: 8.0.0

cpe:2.3:a:sahipro:sahi_pro:8.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15102

Products

Pricing

Contact Us