CVE-2019-14451

Name of the Vulnerable Software and Affected Versions Repetier-Server versions 0.8 through 0.91

Description The issue arises from improper validation of the XML data structure when uploading a new printer configuration. This can be exploited to achieve remote code execution by uploading an "external command" configuration as a printer configuration. The exploitation is dependent on combining this issue with another vulnerability. After successful exploitation, the loading of the external command configuration requires a system reboot or service restart.

Recommendations For Repetier-Server versions 0.8 through 0.91, update to a version that properly validates XML data structures to prevent remote code execution. As a temporary workaround, consider restricting the upload of new printer configurations until a patch is available.