CVE-2019-18866

Name of the Vulnerable Software and Affected Versions: Blaauw Remote Kiln Control versions through v3.00r4

Description: The issue allows for unauthenticated SQL injection via the username in the login mechanism, enabling a user to extract arbitrary data from the rkc database.

Recommendations: For versions through v3.00r4, as a temporary workaround, consider restricting access to the login mechanism to minimize the risk of exploitation. Avoid using the username variable in the affected login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.