Blaauwproducts Remote Kiln Control — known CVE vulnerabilities
Every CVE whose affected-product data names Blaauwproducts Remote Kiln Control, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2019-18868 — CVSS 9.8 (critical): Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc…
CVE-2019-18869 — CVSS 9.8 (critical): Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.
CVE-2019-18871 — CVSS 8.8 (high): A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to…
CVE-2019-18872 — CVSS 7.5 (high): Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).
CVE-2019-18866 — CVSS 7.5 (high): Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to…
CVE-2019-18867 — CVSS 7.5 (high): Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations…
CVE-2019-18864 — CVSS 7.5 (high): /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive…
CVE-2019-18870 — CVSS 6.5 (medium): A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to…
CVE-2019-18865 — CVSS 5.3 (medium): Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an…