CVE-2018-20470
Published 2019-06-17
Priority P1 · 81 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 45.05% (98.6th percentile)
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sahipro | sahi_pro | <= 8.0.0 | — |
Detection & IOCs (extracted from sources)
- Look for GET requests to the path /_s_/dyn/Log_highlight with a traversal sequence (e.g., ../../../../) in the 'href' query parameter, targeting sensitive files such as windows/win.ini.
- A successful exploitation response (HTTP 200) will contain the strings 'bit app support', 'fonts', and 'extensions' in the response body, characteristic content of windows/win.ini.
- The vulnerability resides in the web reports module of Tyto Sahi Pro; monitor HTTP traffic targeting the /_s_/dyn/ endpoint namespace for directory traversal patterns.
- The traversal payload shown targets Windows hosts (win.ini); the vulnerability affects both Windows and potentially other OS deployments of Sahi Pro, so adjust traversal paths accordingly for non-Windows targets.
- Affected versions are Tyto Sahi Pro through 7.x.x and 8.0.0 only; detections should be scoped to these versions to reduce false positives.
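As an added defensive example (not part of this record or of any of the sources it aggregates), the Python script below applies the detection guidance above to web-server access-log lines: it flags GET requests to /_s_/dyn/Log_highlight whose href parameter contains a traversal sequence, decoding the value repeatedly so that percent-encoded and double-encoded variants are caught, and marks HTTP 200 responses as likely successful reads. It assumes the Apache/nginx combined log format; the sample log lines are constructed for the example, and the secondary win.ini body check only applies where a proxy or WAF logs response bodies.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed log layout: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Endpoint and parameter named in the detection guidance for CVE-2018-20470.
SAHI_ENDPOINT = "/_s_/dyn/Log_highlight"
SAHI_PARAM = "href"

# Traversal sequence, matched after full decoding so that ../, ..\,
# %2e%2e%2f and double-encoded %252e%252e%252f all collapse to one form.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")

# Strings the guidance lists as characteristic of a served win.ini.
WIN_INI_MARKERS = ("bit app support", "fonts", "extensions")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly until stable, to defeat double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_sahi_traversal(target):
    """True if the request target hits the report endpoint with a traversal in href."""
    parts = urlsplit(target)
    if decode_fully(parts.path) != SAHI_ENDPOINT:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(TRAVERSAL_RE.search(decode_fully(v)) for v in params.get(SAHI_PARAM, []))


def body_looks_like_win_ini(body):
    """Secondary check for proxies/WAFs that log response bodies."""
    lowered = body.lower()
    return all(marker in lowered for marker in WIN_INI_MARKERS)


def scan(lines):
    """Return one finding per access-log line matching the traversal pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        rec = m.groupdict()
        if rec["method"] != "GET" or not is_sahi_traversal(rec["target"]):
            continue
        findings.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "target": rec["target"],
            "status": int(rec["status"]),
            # HTTP 200 on a traversal request suggests the file was served.
            "likely_success": rec["status"] == "200",
        })
    return findings


# Constructed sample lines (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Dec/2023:10:15:01 +0000] "GET /_s_/dyn/Log_highlight?href=logs/run1.log&n=1 HTTP/1.1" 200 4123',
    '203.0.113.9 - - [28/Dec/2023:10:15:07 +0000] "GET /_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Dec/2023:10:16:22 +0000] "GET /_s_/dyn/Log_highlight?href=..%252F..%252F..%252Fetc%252Fpasswd&n=1 HTTP/1.1" 404 0',
    '198.51.100.8 - - [28/Dec/2023:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The decode-until-stable step matters because the raw access log stores the request line as the client sent it: a scanner that double-encodes the traversal will not match a plain `../` substring search, but collapses to the same form here. Scope the rule to hosts running the affected Sahi Pro versions, as the guidance above notes, to keep false positives down.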
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |
GHSA
GHSA-hpvw-59r6-c925 · ghsa_unreviewed · 2022-05-24 · CVE-2018-20470 [HIGH] · CWE-22
VulnCheck
sahipro sahi_pro: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') · vulncheck · 2018 · CVSS 7.5 · CVE-2018-20470 [HIGH]
Affected: sahipro sahi_pro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-28&host_type=src&vulnerability=cve-2018-20470
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-04&host_type=src&vulnerability=cve-2018-2047
No detection rules found.
Exploit-DB
Sahi pro 7.x/8.x - Directory Traversal · exploitdb · 2019-06-18 · CVSS 7.5 · CVE-2018-20470 [HIGH]
---
# Exploit Title: Sahi pro ( :/_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1#selected
Nuclei
Tyto Sahi pro 7.x/8.x - Local File Inclusion · nuclei · CVSS 7.5 · CVE-2018-20470 [HIGH]
Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files.
Template:

```yaml
id: CVE-2018-20470

info:
  name: Tyto Sahi pro 7.x/8.x - Local File Inclusion
  author: daffainfo
  severity: high
  description: |
    Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
  remediation: |
    Apply the latest security patches or upgrade to a patched version of Tyto Sahi
```
Greynoiseio
NoiseLetter October 2025 · blogs_greynoiseio
- CVE Disclosure Early Warning: Get an early warning when traffic spikes indicate a high likelihood of new disclosures
- Compromised Asset Detection: Find out immediately if an asset communicates with a malicious IP address
- Vulnerability Prioritization: Get real-time insight into active exploitation trends to better understand risk and severity
- SOC Efficiency: Filter out noisy, low priority and false-positive alerts from mass internet scanners
- Incident Investigation: Add context to incidents to speed the determinations of scope and timelines
- Threat Hunting: Quickly identify anomalous behavior and enrich your threat hunting campaigns
Bugzilla
CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb · bugzilla · 2018-01-12 · CVSS 5.9 · CVE-2018-1000119 [MEDIUM]
A flaw was found in rack-protection. Versions prior to 2.0.0.rc3 of the package are vulnerable to a timing attack due to time-variable comparison of signatures. A malicious user can guess a valid signature one char at a time by considering the time it takes a signature validation to fail.
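The weakness this Bugzilla entry describes, a comparison that stops at the first differing byte, is illustrated by the following added Python example (not code from rack-protection, Sinatra, or any of the sources on this page). Rather than timing anything, the naive comparison is instrumented to count how many bytes it examined before returning, which is exactly the quantity a timing side channel exposes; the constant-time variant uses the standard library's hmac.compare_digest, whose running time does not depend on where the inputs differ. All signature values are constructed for the example.

```python
import hmac


def naive_equal(expected, provided):
    """Early-exit comparison of the kind the advisory describes.

    Returns (equal, bytes_examined). The second value stands in for the
    elapsed time an attacker would measure: it grows with the length of the
    correctly guessed prefix, which is what lets a signature be recovered
    one character at a time.
    """
    if len(expected) != len(provided):
        return False, 0
    examined = 0
    for a, b in zip(expected.encode(), provided.encode()):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_equal(expected, provided):
    """Fixed-work comparison: examines every byte regardless of mismatches."""
    return hmac.compare_digest(expected.encode(), provided.encode())


def leak_profile(expected, guesses):
    """Bytes examined by the naive check for each guess; a rising count
    tells the guesser that the next character was correct."""
    return [naive_equal(expected, g)[1] for g in guesses]


# Constructed signature and attacker guesses (no real tokens).
SECRET_SIG = "a1b2c3d4"
GUESSES = ["x1b2c3d4", "a1b2c3dX", "a1b2c3d4"]

if __name__ == "__main__":
    print("naive work per guess:", leak_profile(SECRET_SIG, GUESSES))
    print("constant-time results:", [constant_time_equal(SECRET_SIG, g) for g in GUESSES])
```

The counts make the leak concrete: a guess wrong in its first character costs one byte of work, while a guess wrong only in its last character costs as much as a correct one. With hmac.compare_digest the work is the same for every input of the same length, so the comparison reveals only the final true/false result.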
References:
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
Patch:
- https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
Discussion:
Created rubygem-rack-protection tracking bugs for this issue:
Affects: epel-7 [bug 1534028]
Affects: fedora-26 [bug 1534029]
---
Created pcs tracking bugs for this issue:
Affects: openstack-rdo [bug 1554872]
---
This