First published: Mon Jun 17 2019(Updated: )
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sahipro Sahi Pro | <=8.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20468 is a vulnerability in Tyto Sahi Pro versions 7.x.x and 8.0.0 that allows for CSV injection through the web reports module's "export to excel features".
An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
CVE-2018-20468 has a severity rating of 8.8 (high).
Sahipro Sahi Pro versions 7.x.x and 8.0.0 are affected by CVE-2018-20468.
Yes, you can find more information about CVE-2018-20468 at [this link](https://barriersec.com/2019/06/cve-2018-20468-sahi-pro/).