First published: Mon Sep 23 2019
In Sahi Pro 8.0.0, an attacker can send a specially crafted URL that includes arbitrary files from the victim system via the script parameter on the Script_view page. This results in file disclosure (i.e., the ability to pull any file from the remote victim application), which can be used to steal sensitive configuration and other files and can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and to both local and remote file inclusion.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sahipro Sahi Pro | =8.0.0 | |
The vulnerability ID for this issue is CVE-2019-13063.
CVE-2019-13063 has a severity value of 7.5 (High).
An attacker can exploit CVE-2019-13063 by sending a specially crafted URL that includes arbitrary files from the victim system.
Sahipro Sahi Pro version 8.0.0 is affected by CVE-2019-13063.
To mitigate the risk of CVE-2019-13063, it is recommended to update to a patched version of Sahipro Sahi Pro.
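As an added example (not part of the original advisory and not Sahi Pro's own code), the following Python code flags access-log requests whose `script` parameter on a Script_view URL carries directory traversal, an absolute path, or a remote URL, which are the three input classes the description names. The access-log format, the URL path prefix, the host name and the file names in the sample are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e) before inspection."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_script_param(raw):
    """Return the reasons a script= value looks like traversal or inclusion."""
    value = decode_fully(raw).replace("\\", "/")
    reasons = []
    if ".." in value.split("/"):
        reasons.append("traversal")
    if value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
        reasons.append("absolute-path")
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", value):
        reasons.append("remote-url")
    return reasons

def scan_log(lines):
    """Return (line_number, decoded_script_value, reasons) for suspicious hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if "script_view" not in url.path.lower():
            continue
        for raw in parse_qs(url.query).get("script", []):  # parse_qs decodes once
            reasons = classify_script_param(raw)
            if reasons:
                hits.append((n, decode_fully(raw), reasons))
    return hits

# Constructed sample lines; the URL path, host and file names are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Sep/2019:10:00:01 +0000] "GET /placeholder/Script_view?script=demo/login.sah HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Sep/2019:10:00:07 +0000] "GET /placeholder/Script_view?script=..%2f..%2f..%2fplaceholder.conf HTTP/1.1" 200 2048',
    '10.0.0.9 - - [23/Sep/2019:10:00:09 +0000] "GET /placeholder/Script_view?script=%252e%252e%252f%252e%252e%252fplaceholder.conf HTTP/1.1" 200 2048',
    '10.0.0.9 - - [23/Sep/2019:10:00:12 +0000] "GET /placeholder/Script_view?script=http%3A%2F%2Fhost.example%2Fplaceholder.sah HTTP/1.1" 200 900',
]
```

Calling `scan_log(SAMPLE_LOG)` returns the three flagged entries with their decoded `script` values; the first line, a relative script name with no traversal, is not flagged.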