PT-2019-10073 · Tyto · Tyto Sahi Pro
Goutham Madhwaraj · Published 2019-06-17 · Updated 2023-01-30 · CVE-2018-20469
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Tyto Sahi Pro versions prior to 8.0.1
Description:
An issue was discovered in the web reports module of the software, where a parameter is vulnerable to SQL injection against the H2 database. This allows attackers to inject SQL queries and run standard H2 system functions.
Recommendations:
For versions prior to 8.0.1, update to a version that contains a fix for this issue to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the web reports module until a patch is available. Avoid using vulnerable parameters in the affected module until the issue is resolved.
Exploit
Fix
SQL injection
Affected Products:
Tyto Sahi Pro