CVE-2019-18867

Name of the Vulnerable Software and Affected Versions: Blaauw Remote Kiln Control versions through v3.00r4

Description: The issue allows an attacker to enumerate sensitive filenames and locations, including source code, due to browsable directories. This affects several directories, including /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.

Recommendations: For versions through v3.00r4, restrict access to the affected directories to minimize the risk of exploitation. Consider implementing proper access controls and directory permissions to prevent unauthorized access. As a temporary workaround, consider disabling access to the sensitive directories until a patch is available.