Aggregates CVE and security vulnerability intelligence across all blaauwproducts-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk sql injection, with potential vendor impact file overwrite and vendor impact data exposure across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-18872 | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | [email protected] | 7.5 | 0.92% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18871 | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | [email protected] | 8.8 | 2.54% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18870 | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | [email protected] | 6.5 | 1.14% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18869 | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | [email protected] | 9.8 | 1.32% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18866 | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | [email protected] | 7.5 | 1.16% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18864 | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | [email protected] | 7.5 | 1.27% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18868 | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | [email protected] | 9.8 | 0.84% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18867 | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. | [email protected] | 7.5 | 1.22% | 2020-05-07 | 2026-06-16 |
| CVE-2019-18865 | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | [email protected] | 5.3 | 1.12% | 2020-05-07 | 2026-06-16 |