CVE-2018-20470

HIGH EXPLOITED NUCLEI

Sahipro Sahi Pro < 8.0.0 - Path Traversal

Title source: rule

Description

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.

Exploits (1)

exploitdb WORKING POC

by Goutham Madhwaraj · textwebappsmultiple

https://www.exploit-db.com/exploits/47005

View Code ZIP pw:eip

Nuclei Templates (1)

Tyto Sahi pro 7.x/8.x - Local File Inclusion

HIGHby daffainfo

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153330/Sahi-Pro-7.x-8.x-Directory-Traversal.html

[Exploit, Third Party Advisory] https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/

Scores

CVSS v3 7.5

EPSS 0.8223

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-28

CWE

CWE-22

Status published

Products (1)

sahipro/sahi_pro < 8.0.0

Published Jun 17, 2019

Tracked Since Feb 18, 2026