Vulnerability Description
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include arbitrary files from the victim system via the script parameter on the Script_view page. This results in file disclosure (i.e., the ability to pull any file from the remote victim application), which can be used to steal sensitive configuration and other files and can lead to complete compromise of the application. The script parameter is vulnerable to directory traversal and to both local and remote file inclusion.
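The two defensive checks this description implies, as an added example that is not Sahi Pro's code: a server-side resolver that accepts a script name only if it is not a URL and stays inside the scripts directory, and a detector over constructed access-log lines for Script_view requests whose script parameter carries traversal or a remote reference. The request path, file name and log format are assumptions.

```python
from pathlib import Path
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote
import tempfile

def resolve_script_path(base_dir: str, script: str) -> Optional[Path]:
    """Return the on-disk path for `script` only if it stays inside base_dir.
    Rejects remote inclusion (any URL scheme) and directory traversal,
    including absolute paths and symlinks that escape the directory."""
    if not script or "\x00" in script:
        return None
    if urlsplit(script).scheme:            # http://, ftp://, file:// -> remote inclusion
        return None
    base = Path(base_dir).resolve()
    candidate = (base / script).resolve()  # collapses ../ and follows symlinks
    if base not in candidate.parents:      # escaped (or equals) the scripts directory
        return None
    return candidate

def make_demo_dir() -> str:
    """Constructed scripts directory with one legitimate script for trying the check."""
    d = tempfile.mkdtemp(prefix="scripts_")
    (Path(d) / "login.sah").write_text("_click(_button('Login'));\n")
    return d

# Constructed access-log lines; the /app/Script_view path is an assumption.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /app/Script_view?script=login.sah HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2020:10:00:01 +0000] "GET /app/Script_view?script=../../../../etc/passwd HTTP/1.1" 200 1907',
    '10.0.0.9 - - [01/Jan/2020:10:00:02 +0000] "GET /app/Script_view?script=http%3A%2F%2Fremote.example%2Fx.sah HTTP/1.1" 200 88',
]

def flag_suspicious_requests(log_lines):
    """Return (request_target, decoded_script) for Script_view requests whose
    script parameter contains a traversal segment or a URL scheme."""
    hits = []
    for line in log_lines:
        try:
            target = line.split('"')[1].split()[1]   # "GET <target> HTTP/1.1"
        except IndexError:
            continue
        parts = urlsplit(target)
        if "script_view" not in parts.path.lower():
            continue
        for value in parse_qs(parts.query).get("script", []):
            decoded = unquote(value).replace("\\", "/")   # handle double encoding
            if ".." in decoded.split("/") or urlsplit(decoded).scheme:
                hits.append((target, decoded))
    return hits
```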
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sahipro | Sahi Pro | 8.0.0 |
Related Weaknesses (CWE)
References
- https://sahipro.com/downloads-archive/ (Vendor Advisory)
- https://www.exploit-db.com/exploits/47062 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2019-13063?
CVE-2019-13063 is a vulnerability with a CVSS score of 7.5 (HIGH). Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e...
How severe is CVE-2019-13063?
CVE-2019-13063 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS information above for a detailed severity breakdown.
Is there a patch for CVE-2019-13063?
Check the references section above for vendor advisories and patch information. Affected products include: Sahipro Sahi Pro.