Security Advisory

Normally, bugs can only be used for remote attacks if you expose Repetier-Server to the internet. In all other cases it can only be attacked from your local intranet, where only trusted persons should have access. If you expose Repetier-Server to the internet, we strongly recommend defining user accounts in Repetier-Server. All security bugs below are only exploitable when no users are defined.

CVE-2019-14450

Type
Directory traversal bug in printer creation

Solution
Upgrade to Repetier-Server 0.92.0 (27. July 2019) or higher.

Thanks to Ryan Wincey of Blizzard for reporting.

CVE-2019-14451

Type
Insufficient validation on printer configuration file upload

Solution
Upgrade to Repetier-Server 0.92.0 (27. July 2019) or higher.

Thanks to Ryan Wincey of Blizzard for reporting.