RSS   Vulnerabilities for 'Sahi pro'   RSS

2019-06-17
 
CVE-2018-20472

CWE-79
 

 
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.

 
 
CVE-2018-20469

CWE-89
 

 
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

 
 
CVE-2018-20468

CWE-74
 

 
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.

 


Copyright 2019, cxsecurity.com

 

Back to Top