Blaauwproducts Remote_kiln_control

9 CVEs affecting Blaauwproducts Remote_kiln_control. Latest disclosed: 2020-05-07. Critical: 2, High: 5.

Top CVEs affecting Blaauwproducts Remote_kiln_control
CVE | Severity | Score | Published | Summary
CVE-2019-18869 | Critical | 9.8 | 2020-05-07 | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.
CVE-2019-18868 | Critical | 9.8 | 2020-05-07 | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lan…
CVE-2019-18871 | High | 8.8 | 2020-05-07 | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files…
CVE-2019-18872 | High | 7.5 | 2020-05-07 | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).
CVE-2019-18866 | High | 7.5 | 2020-05-07 | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data fro…
CVE-2019-18864 | High | 7.5 | 2020-05-07 | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host ma…
CVE-2019-18867 | High | 7.5 | 2020-05-07 | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. Th…
CVE-2019-18870 | Medium | 6.5 | 2020-05-07 | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary fi…
CVE-2019-18865 | Medium | 5.3 | 2020-05-07 | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated atta…