CVE-2019-18870

Published May 7th, 2020

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.

lodestone-security/CVEs

CVEs reported by Lodestone Security.

GitHub