First published: Mon Jun 17 2019(Updated: )
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sahipro Sahi Pro | <=8.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20469 is a SQL injection vulnerability in Tyto Sahi Pro through 7.x.x and 8.0.0.
CVE-2018-20469 has a severity rating of 9.8 (Critical).
CVE-2018-20469 affects Sahipro Sahi Pro versions up to and including 8.0.0.
The vulnerability in the web reports module of Tyto Sahi Pro allows for h2 SQL injection, which can be exploited to inject SQL queries and run standard h2 system functions.
There are no specific fixes or patches mentioned for CVE-2018-20469. It is recommended to update to a version of Sahipro Sahi Pro that is not affected by the vulnerability.