Vulnerability Description
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blaauwproducts | Remote Kiln Control | < 3.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unExploitThird Party Advisory
- https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unExploitThird Party Advisory
FAQ
What is CVE-2019-18870?
CVE-2019-18870 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.
How severe is CVE-2019-18870?
CVE-2019-18870 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18870?
Check the references section above for vendor advisories and patch information. Affected products include: Blaauwproducts Remote Kiln Control.