CRITICAL🇵🇱 Wersja polska

CVE-2019-18868

CVSS 9.8v3.1pub. 2020-05-07upd. 2024-11-21

Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Blaauwproducts Remote Kiln Control

    APP
    Blaauwproducts
    3.0.0≤ 3.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-18869CRITICAL9.8ten sam produkt

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code ...

CVE-2019-18866HIGH7.5ten sam produkt

Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3...

CVE-2019-18867HIGH7.5ten sam produkt

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive f...

CVE-2019-18872HIGH7.5ten sam produkt

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessabl...

CVE-2019-18871HIGH8.8ten sam produkt

A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an...