Goutham Madhwaraj

**Name of the Vulnerable Software and Affected Versions** Tyto Sahi Pro versions 6.x through 8.0.0 **Description** An issue in TestRunner Non distributed and distributed endpoints allows an attacker to execute arbitrary scripts on the remote Sahi Pro server due to the lack of an authentication mechanism. Additionally, the password-protected web interface for remote script access lacks server-side validation, enabling an attacker to create, modify, or delete scripts without a password. Combining these issues can result in remote code execution on the Sahi Pro server. **Recommendations** For Tyto Sahi Pro versions 6.x through 8.0.0, consider disabling the TestRunner Non distributed and distributed endpoints until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for remote script access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tyto Sahi Pro versions prior to 8.0.1 Description: An issue was discovered in the web reports module of the software, specifically in the "export to excel features", which are vulnerable to CSV injection. This allows an attacker to embed Excel formulas inside an automation script. When the script is exported after execution, it can result in code execution. Recommendations: For versions prior to 8.0.1, consider disabling the "export to excel features" in the web reports module as a temporary workaround until a patch is available. Restrict access to the web reports module to minimize the risk of exploitation. Avoid using the export functionality in the affected module until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Tyto Sahi Pro versions prior to 8.0.1 Description: An issue was discovered in the web reports module of the software, where a parameter is vulnerable to h2 SQL injection. This allows attackers to inject SQL queries and run standard h2 system functions. Recommendations: For versions prior to 8.0.1, update to a version that contains a fix for this issue to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the web reports module until a patch is available. Avoid using vulnerable parameters in the affected module until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Tyto Sahi Pro versions prior to 8.0.1 Description: A directory traversal issue exists in the web reports module, allowing an outside attacker to access sensitive files. Recommendations: For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Tyto Sahi Pro versions prior to 8.0.1 Description: An issue was discovered in the logs web interface, which is vulnerable to stored XSS. Recommendations: For versions prior to 8.0.1, update to a version that contains a fix for this issue.