CVE-2018-20468
First published: Mon Jun 17 2019(Updated: )
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sahipro Sahi Pro | <=8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-20468?
CVE-2018-20468 is a vulnerability in Tyto Sahi Pro versions 7.x.x and 8.0.0 that allows for CSV injection through the web reports module's "export to excel features".
How does CVE-2018-20468 work?
An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
What is the severity of CVE-2018-20468?
CVE-2018-20468 has a severity rating of 8.8 (high).
Which software is affected by CVE-2018-20468?
Sahipro Sahi Pro versions 7.x.x and 8.0.0 are affected by CVE-2018-20468.
Are there any references for CVE-2018-20468?
Yes, you can find more information about CVE-2018-20468 at [this link](https://barriersec.com/2019/06/cve-2018-20468-sahi-pro/).
- collector/nvd-index
- vendor/sahipro
- canonical/sahipro sahi pro
- version/sahipro sahi pro/8.0.0