Path traversal

2020-05-0714:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.

CPENameOperatorVersion
remote_kiln_controleq3.0.0 v4
remote_kiln_controlle3.0.0

CPE	Name	Operator	Version
	remote_kiln_control	eq	3.0.0 v4
	remote_kiln_control	le	3.0.0

References

github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md