CVE-2019-13063

Name of the Vulnerable Software and Affected Versions Sahi Pro version 8.0.0

Description The issue allows an attacker to send a specially crafted URL to disclose files on the system via the script parameter on the "Script view" page. This results in file disclosure, enabling the attacker to obtain sensitive configuration and other files, potentially leading to complete application compromise. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.

Recommendations For Sahi Pro version 8.0.0, as a temporary workaround, consider restricting access to the "Script view" page and limiting the use of the script parameter to minimize the risk of exploitation. Avoid using the script parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.