CVE-2019-13597: OS Command Injection
First published: Sun Jul 14 2019(Updated: )
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sahipro Sahi Pro | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
CVE-2019-13597
What is the severity of CVE-2019-13597?
The severity of CVE-2019-13597 is critical, with a severity value of 9.8.
What is the affected software?
The affected software is Sahi Pro version 8.0.0.
How does CVE-2019-13597 allow command execution?
CVE-2019-13597 allows command execution through the _s_/sprm/_s_/dyn/Player_setScriptFile function, allowing the execution of ".sah" scripts via Sahi Launcher.
How can an attacker exploit CVE-2019-13597?
An attacker can exploit CVE-2019-13597 by creating a new script with an editor and executing commands on the server using the _execute() function.
- collector/nvd-index
- vendor/sahipro
- canonical/sahipro sahi pro
- version/sahipro sahi pro/8.0.0