cvebase

Repetier-Server vulnerabilities

5 known vulnerabilities affecting repetier-server/repetier-server.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 2

Vulnerabilities

CVE-2023-31059 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | ≤ 1.4.10 | 2023-04-24
[HIGH] CWE-22: Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
Source: nvd

CVE-2019-14451 | P3 | CRITICAL | CVSS 9.8 | ≥ 0.80, ≤ 0.91 | 2019-10-25
[CRITICAL] RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the
Source: nvd

CVE-2019-14450 | P2 | CRITICAL | CVSS 9.8 | ≥ 0.80, ≤ 0.91 | 2019-10-28
[CRITICAL] CWE-22: A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code e
Source: nvd

CVE-2023-31060 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.4.10 | 2023-04-24
[CRITICAL] Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.
Source: nvd

CVE-2023-31061 | P3 | HIGH | CVSS 8.8 | ≤ 1.4.10 | 2023-04-24
[HIGH] CWE-352: Repetier Server through 1.4.10 does not have CSRF protection.
Source: nvd