cbcvebase.
CVE-2019-13063
published 2019-09-23

Priority: P2 (62), high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public PoC available
EPSS: 27.23% (97.8th percentile)
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.

Affected (1 range)

Vendor: sahipro
Product: sahi_pro
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

URL: http://10.0.0.167:9999/_s_/dyn/Script_view?script=/config/productkey.txt
Path: /_s_/dyn/Script_view
Path: /config/productkey.txt
Port: 9999
  • Detect directory traversal attempts targeting the `script` parameter on the Script_view endpoint; look for `../` sequences or absolute path references in the query string.
  • Monitor HTTP GET requests to `/_s_/dyn/Script_view` with a `script` parameter containing path traversal sequences (`../`) or references to sensitive files such as `/config/productkey.txt`.
  • Flag inbound requests to Sahi Pro (default port 9999) where the `script` query parameter references files outside the application's intended directory (local file inclusion) or external URLs (remote file inclusion).
  • The PoC uses a hardcoded test IP (10.0.0.167); real-world exploitation will target any reachable Sahi Pro instance, so detection rules should not be scoped to a specific IP.
  • Sahi Pro 8.0.0 is confirmed vulnerable; the exploit was tested on both Linux Ubuntu and Windows 7, so detection should be platform-agnostic.
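Detection logic for the indicators above, as an added example that is not from the advisory or from Sahi Pro: it parses constructed access-log lines and flags `script` values on the Script_view endpoint that traverse (`../` on either OS), are absolute Unix or Windows paths, or carry a URL scheme, percent-decoding first so encoded variants are not missed. The log lines, source IPs and log regex are assumptions.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT_VIEW_PATH = "/_s_/dyn/Script_view"

# Constructed sample access-log lines (combined log format); IPs and values are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Sep/2019:10:00:01 +0000] "GET /_s_/dyn/Script_view?script=demo/login.sah HTTP/1.1" 200 512
10.0.0.8 - - [23/Sep/2019:10:00:02 +0000] "GET /_s_/dyn/Script_view?script=/config/productkey.txt HTTP/1.1" 200 48
10.0.0.9 - - [23/Sep/2019:10:00:03 +0000] "GET /_s_/dyn/Script_view?script=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024
10.0.0.9 - - [23/Sep/2019:10:00:04 +0000] "GET /_s_/dyn/Script_view?script=C:\\Windows\\win.ini HTTP/1.1" 200 92
10.0.0.12 - - [23/Sep/2019:10:00:05 +0000] "GET /_s_/dyn/Script_view?script=http://203.0.113.7/x.sah HTTP/1.1" 200 77
10.0.0.12 - - [23/Sep/2019:10:00:06 +0000] "GET /_s_/dyn/other?script=../x HTTP/1.1" 404 0
"""

# Minimal combined-log parser (assumed format): source, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def classify_script_value(value: str) -> Optional[str]:
    """Return a finding type for a `script` value, or None for a plain relative script path."""
    # Decode twice to catch single and double percent-encoding, then treat backslashes as slashes
    # so Windows-style traversal and drive paths are handled the same way as Unix ones.
    decoded = unquote(unquote(value)).replace("\\", "/")
    if re.match(r"^[a-z][a-z0-9+.-]*://", decoded, re.IGNORECASE):
        return "remote-file-inclusion"
    if "../" in decoded or decoded.endswith(".."):
        return "path-traversal"
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:/", decoded):
        return "absolute-path-lfi"
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Scan access-log text and return one finding per suspicious Script_view request."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        url = urlsplit(m.group("target"))
        if url.path != SCRIPT_VIEW_PATH:  # only the vulnerable endpoint matters here
            continue
        # parse_qs already performs one round of percent-decoding on each value.
        for value in parse_qs(url.query, keep_blank_values=True).get("script", []):
            kind = classify_script_value(value)
            if kind:
                findings.append({"src": m.group("src"), "type": kind,
                                 "script": value, "status": m.group("status")})
    return findings
```

A 200 status on a flagged request is the strongest signal, since a successful read means the file contents were returned.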

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N