Sahipro: >> Sahi Pro >> 5.1.2 Security Vulnerabilities
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
CVSS Score
9.8
EPSS Score
0.116
Published
2019-06-17
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
CVSS Score
7.5
EPSS Score
0.882
Published
2019-06-17
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-06-17
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-06-17