Sahi Pro Security Vulnerabilities and Issues — Sahi Pro CVE List

Lucene search

SahiproSahi Pro

8 matches found

CVE•added 2019/07/14 6:15 p.m.•133 views

CVE-2019-13597

s /sprm/s /dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.

9.8CVSS9.6AI score0.50447EPSS

CVE•added 2019/06/17 2:15 p.m.•75 views

CVE-2018-20470

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.

7.5CVSS7.3AI score0.88207EPSS

CVE•added 2019/06/17 2:15 p.m.•68 views

CVE-2018-20472

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.

5.4CVSS5.5AI score0.00306EPSS

CVE•added 2019/09/23 3:15 p.m.•61 views

CVE-2019-13063

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and o...

7.5CVSS7.3AI score0.16031EPSS

CVE•added 2019/06/17 2:15 p.m.•60 views

CVE-2018-20469

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

9.8CVSS9.7AI score0.11603EPSS

CVE•added 2019/10/29 7:15 p.m.•58 views

CVE-2019-13066

Sahi Pro 8.0.0 has a script manager arena located at s /dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger r...

6.1CVSS6.2AI score0.00288EPSS

CVE•added 2019/06/17 2:15 p.m.•42 views

CVE-2018-20468

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.

8.8CVSS8.9AI score0.00376EPSS

CVE•added 2019/09/06 5:15 p.m.•38 views

CVE-2019-15102

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface inten...

9.8CVSS9.9AI score0.0454EPSS