PT-2019-10072 · Tyto · Tyto Sahi Pro

Goutham Madhwaraj · Published 2019-06-17 · Updated 2020-08-24 · CVE-2018-20468

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tyto Sahi Pro versions prior to 8.0.1
Description: An issue was discovered in the web reports module of the software, specifically in the "export to excel features", which are vulnerable to CSV injection. This allows an attacker to embed Excel formulas inside an automation script. When the script is exported after execution, it can result in code execution.
Recommendations: For versions prior to 8.0.1, consider disabling the "export to excel features" in the web reports module as a temporary workaround until a patch is available. Restrict access to the web reports module to minimize the risk of exploitation. Avoid using the export functionality in the affected module until the issue is resolved.

Exploit

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2018-20468

Affected products

Tyto Sahi Pro