Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NBlaauwproducts Remote Kiln Control
APPBlaauwproducts3.0.0≤ 3.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
Related vulnerabilities
CVE-2019-18869CRITICAL9.8ten sam produkt
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code ...
CVE-2019-18868CRITICAL9.8ten sam produkt
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in c...
CVE-2019-18872HIGH7.5ten sam produkt
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessabl...
CVE-2019-18867HIGH7.5ten sam produkt
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive f...
CVE-2019-18871HIGH8.8ten sam produkt
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an...