CVE-2019-15102

Name of the Vulnerable Software and Affected Versions Tyto Sahi Pro versions 6.x through 8.0.0

Description An issue in TestRunner Non distributed and distributed endpoints allows an attacker to execute arbitrary scripts on the remote Sahi Pro server due to the lack of an authentication mechanism. Additionally, the password-protected web interface for remote script access lacks server-side validation, enabling an attacker to create, modify, or delete scripts without a password. Combining these issues can result in remote code execution on the Sahi Pro server.

Recommendations For Tyto Sahi Pro versions 6.x through 8.0.0, consider disabling the TestRunner Non distributed and distributed endpoints until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for remote script access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.