Arbitrary File Upload and Remote Code Execution Vulnerability in Blaauw Remote Kiln Control v3.00r4
CVE-2019-18871 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.
Learn more about our Web Application Penetration Testing UK.