mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-28 01:00:31 +00:00
Sahi pro 7.x 8.x Arbitrary File Read (CVE-2018-20470)
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
FOFA query rule: body="s/spr/" || "sahisid" || title="Sahi Launcher"
Demo
