CVE-2019-13063

HIGH

Sahi Pro 8.0.0 - Path Traversal and File Inclusion via Script Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-13063. PoCs published by Operat0r, 0x6b7966.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Sahi Pro 8.x via the `script` parameter in the `Script_view` endpoint. It allows an attacker to read arbitrary files from the server, such as the product key, by manipulating the URL path.

Description

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.

Exploits (2)

exploitdb WORKING POC

by Operat0r · pythonwebappsmultiple

https://www.exploit-db.com/exploits/47062

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Sahi Pro 8.x via the `script` parameter in the `Script_view` endpoint. It allows an attacker to read arbitrary files from the server, such as the product key, by manipulating the URL path.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sahi Pro 8.0

No auth needed

Prerequisites: Network access to the vulnerable Sahi Pro instance · Knowledge of the target URL and endpoint

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by 0x6b7966 · poc

https://github.com/0x6b7966/CVE-2019-13063-POC

View Code ZIP pw:eip

This repository contains a functional Python script that exploits a directory traversal vulnerability in Sahi-Pro's web application via the `?script=` parameter. The PoC sends a crafted URL to retrieve sensitive files and saves the response to a local file.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sahi-Pro web application

No auth needed

Prerequisites: Network access to the vulnerable Sahi-Pro instance · Knowledge of the target file path

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://sahipro.com/downloads-archive/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/47062

Scores

CVSS v3 7.5

EPSS 0.2723

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

sahipro/sahi_pro 8.0.0

Published Sep 23, 2019

Tracked Since Feb 18, 2026