Skip to main content

Sahi Pro

4 CVEs product

Monthly

CVE-2019-13066 MEDIUM POC This Month

Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Sahi Pro
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-13063 HIGH POC THREAT This Week

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sahi Pro
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
27.2%
CVE-2019-15102 CRITICAL POC Act Now

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Sahi Pro
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-13597 CRITICAL POC THREAT Act Now

_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sahi Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.3%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Sahi Pro
NVD
EPSS 27% CVSS 7.5
HIGH POC THREAT This Week

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sahi Pro
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Sahi Pro
NVD
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Act Now

_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sahi Pro
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy