HIGH🇵🇱 Wersja polska

CVE-2019-18871

CVSS 8.8v3.1pub. 2020-05-07upd. 2024-11-21

A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Blaauwproducts Remote Kiln Control

    APP
    Blaauwproducts
    3.0.0≤ 3.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2019-18869CRITICAL9.8ten sam produkt

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code ...

CVE-2019-18868CRITICAL9.8ten sam produkt

Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in c...

CVE-2019-18867HIGH7.5ten sam produkt

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive f...

CVE-2019-18872HIGH7.5ten sam produkt

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessabl...

CVE-2019-18866HIGH7.5ten sam produkt

Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3...