Every CVE whose affected-product data names Sahipro Sahi Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-13597 — CVSS 9.8 (critical): _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher…
CVE-2018-20469 — CVSS 9.8 (critical): An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection…
CVE-2019-15102 — CVSS 9.8 (critical): An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any…
CVE-2018-20468 — CVSS 8.8 (high): An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable…
CVE-2019-13063 — CVSS 7.5 (high): Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on…
CVE-2018-20470 — CVSS 7.5 (high): An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the…
CVE-2019-13066 — CVSS 6.1 (medium): Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS…
CVE-2018-20472 — CVSS 5.4 (medium): An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.