Vulnerabilities
Vulnerable Software
/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2020-05-07
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-05-07
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary PHP code via /default.php?idx=17.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-05-07
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.
CVSS Score: 6.5
EPSS Score: 0.007
Published: 2020-05-07
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.
CVSS Score: 8.8
EPSS Score: 0.034
Published: 2020-05-07
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2020-05-07
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2020-05-07
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-05-07
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2020-05-07
Shodan ® - All rights reserved