Arbitrary File Upload and Remote Code Execution Vulnerability in Blaauw Remote Kiln Control v3.00r4

CVE-2019-18871 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.

Learn more about our Web Application Penetration Testing UK.