HIGH🇬🇧 English

CVE-2019-18867

CVSS 7.5v3.1pub. 2020-05-07upd. 2024-11-21

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Blaauwproducts Remote Kiln Control

    APP
    Blaauwproducts
    3.0.0< 3.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-18869CRITICAL9.8ten sam produkt

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code ...

CVE-2019-18868CRITICAL9.8ten sam produkt

Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in c...

CVE-2019-18872HIGH7.5ten sam produkt

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessabl...

CVE-2019-18866HIGH7.5ten sam produkt

Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3...

CVE-2019-18871HIGH8.8ten sam produkt

A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an...