VYPR

Sahi Pro

by Tyto

CVEs (3)

  • CVE-2018-20469CriJun 17, 2019
    risk 0.68cvss 9.8epss 0.19

    An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

  • CVE-2018-20470HigJun 17, 2019
    risk 0.55cvss 7.5epss 0.45

    An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.

  • CVE-2018-20472MedJun 17, 2019
    risk 0.38cvss 5.4epss 0.02

    An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.