Vulnerabilities > Blaauwproducts > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2019-18872 | Weak Password Requirements vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | 7.5 |
| 2020-05-07 | CVE-2019-18871 | Path Traversal vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | 8.8 |
| 2020-05-07 | CVE-2019-18866 | SQL Injection vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | 7.5 |
| 2020-05-07 | CVE-2019-18864 | Unspecified vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | 7.5 |
| 2020-05-07 | CVE-2019-18867 | Information Exposure vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. | 7.5 |