CVE-2018-20469

CRITICAL

Sahipro Sahi Pro < 8.0.0 - SQL Injection

Title source: rule

Description

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to H2 SQL injection. This can be exploited to inject SQL queries and run standard H2 system functions.

Exploits (1)

exploitdb WORKING POC
by Goutham Madhwaraj · text · webapps · multiple
https://www.exploit-db.com/exploits/47006

Scores

CVSS v3 9.8
EPSS 0.0635
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
sahipro/sahi_pro < 8.0.0
Published Jun 17, 2019
Tracked Since Feb 18, 2026