← back
CVE-2018-20469

CVE-2018-20469

EPSS 18.5%
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/153331/Sahi-Pro-8.x-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47006unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/153331/Sahi-Pro-8.x-SQL-Injection.htmlhttps://barriersec.com/2019/06/cve-2018-20469-sahi-pro/