CVE-2019-13063: Path Traversal
First published: Mon Sep 23 2019(Updated: )
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sahipro Sahi Pro | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-13063.
What is the severity of CVE-2019-13063?
CVE-2019-13063 has a severity value of 7.5 (High).
How can an attacker exploit CVE-2019-13063?
An attacker can exploit CVE-2019-13063 by sending a specially crafted URL to include any victim files on the system.
What software versions are affected by CVE-2019-13063?
Sahipro Sahi Pro version 8.0.0 is affected by CVE-2019-13063.
How can I mitigate the risk of CVE-2019-13063?
To mitigate the risk of CVE-2019-13063, it is recommended to update to a patched version of Sahipro Sahi Pro.
- collector/nvd-index
- vendor/sahipro
- canonical/sahipro sahi pro
- version/sahipro sahi pro/8.0.0