CVE-2019-14450

Name of the Vulnerable Software and Affected Versions Repetier-Server versions 0.8 through 0.91

Description A directory traversal issue allows the creation of a user-controlled XML file at an unintended location. This can be combined with another issue to upload an "external command" configuration as a printer configuration, achieving remote code execution. The exploitation is dependent on a system reboot or service restart after the initial setup.

Recommendations For Repetier-Server versions 0.8 through 0.91, as a temporary workaround, consider restricting access to the RepetierServer.exe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.