Blaauwproducts Remote_kiln_control
9 CVEs affecting Blaauwproducts Remote_kiln_control. Latest disclosed: 2020-05-07. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-18869 | Critical | 9.8 | 2020-05-07 | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary PHP code via /default.php?idx=17. |
| CVE-2019-18868 | Critical | 9.8 | 2020-05-07 | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lan… |
| CVE-2019-18871 | High | 8.8 | 2020-05-07 | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files… |
| CVE-2019-18872 | High | 7.5 | 2020-05-07 | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). |
| CVE-2019-18866 | High | 7.5 | 2020-05-07 | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data fro… |
| CVE-2019-18864 | High | 7.5 | 2020-05-07 | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host ma… |
| CVE-2019-18867 | High | 7.5 | 2020-05-07 | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. Th… |
| CVE-2019-18870 | Medium | 6.5 | 2020-05-07 | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary fi… |
| CVE-2019-18865 | Medium | 5.3 | 2020-05-07 | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated atta… |