CVE-2018-20469: SQL Injection
First published: Mon Jun 17 2019(Updated: )
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sahipro Sahi Pro | <=8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-20469?
CVE-2018-20469 is a SQL injection vulnerability in Tyto Sahi Pro through 7.x.x and 8.0.0.
How severe is CVE-2018-20469?
CVE-2018-20469 has a severity rating of 9.8 (Critical).
What software versions are affected by CVE-2018-20469?
CVE-2018-20469 affects Sahipro Sahi Pro versions up to and including 8.0.0.
How can the CVE-2018-20469 vulnerability be exploited?
The vulnerability in the web reports module of Tyto Sahi Pro allows for h2 SQL injection, which can be exploited to inject SQL queries and run standard h2 system functions.
Are there any fixes or patches available for CVE-2018-20469?
There are no specific fixes or patches mentioned for CVE-2018-20469. It is recommended to update to a version of Sahipro Sahi Pro that is not affected by the vulnerability.
- collector/nvd-index
- agent/author
- vendor/sahipro
- canonical/sahipro sahi pro
- version/sahipro sahi pro/8.0.0