PT-2019-13442 · Sahi · Sahi Pro

Akkus +1 · Published 2019-07-14 · Updated 2020-08-24 · CVE-2019-13597

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sahi Pro version 8.0.0

Description: The issue allows command execution via the Player setScriptFile function in Sahi Pro. This enables running .sah scripts through Sahi Launcher and creating new scripts with an editor. It is also possible to execute commands on the server using the execute() function.

Recommendations: For Sahi Pro version 8.0.0, consider disabling the execute() function as a temporary workaround until a patch is available. Restrict access to the Player setScriptFile function to minimize the risk of exploitation. Avoid using the Player setScriptFile function in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2019-13597

Affected products

Sahi Pro