First published: Sun Jul 14 2019
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sahipro Sahi Pro | =8.0.0 | |
CVE-2019-13597
The severity of CVE-2019-13597 is critical, with a severity value of 9.8.
The affected software is Sahi Pro version 8.0.0.
CVE-2019-13597 allows command execution through the _s_/sprm/_s_/dyn/Player_setScriptFile function, which permits running ".sah" scripts via Sahi Launcher.
An attacker can exploit CVE-2019-13597 by creating a new script with an editor and executing commands on the server using the _execute() function.