cvebase

Blaauwproducts Remote Kiln Control vulnerabilities

9 known vulnerabilities affecting blaauwproducts/remote_kiln_control.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 2

Vulnerabilities

CVE-2019-18868 | P2 | CRITICAL | CVSS 9.8 | v3.0.0 | ≤ 3.0.0 | 2020-05-07
CVE-2019-18868 [CRITICAL] CWE-312: Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.
nvd
CVE-2019-18871 | P3 | HIGH | CVSS 8.8 | v3.0.0 | ≤ 3.0.0 | 2020-05-07
CVE-2019-18871 [HIGH] CWE-22: A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.
nvd
CVE-2019-18869 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.0.0 | v3.0.0 | 2020-05-07
CVE-2019-18869 [CRITICAL]: Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary PHP code via /default.php?idx=17.
nvd
CVE-2019-18866 | P3 | HIGH | CVSS 7.5 | v3.0.0 | ≤ 3.0.0 | 2020-05-07
CVE-2019-18866 [HIGH] CWE-89: Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.
nvd
CVE-2019-18864 | P3 | HIGH | CVSS 7.5 | v3.0.0 | ≤ 3.0.0 | 2020-05-07
CVE-2019-18864 [HIGH]: /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine.
nvd
CVE-2019-18867 | P3 | HIGH | CVSS 7.5 | fixed in 3.0.0 | v3.0.0 | 2020-05-07
CVE-2019-18867 [HIGH] CWE-200: Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.
nvd
CVE-2019-18872 | P3 | HIGH | CVSS 7.5 | v3.0.0 | ≤ 3.0.0 | 2020-05-07
CVE-2019-18872 [HIGH] CWE-521: Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).
nvd
CVE-2019-18870 | P3 | MEDIUM | CVSS 6.5 | fixed in 3.0.0 | v3.0.0 | 2020-05-07
CVE-2019-18870 [MEDIUM] CWE-22: A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.
nvd
CVE-2019-18865 | P4 | MEDIUM | CVSS 5.3 | fixed in 3.0.0 | v3.0.0 | 2020-05-07
CVE-2019-18865 [MEDIUM] CWE-209: Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.
nvd