CVE-2019-10767

Published: Nov 21, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled).

Vendor	Product	Versions
n/a	iobroker.js-controller	affected `All versions prior to version 2.0.25`

References

https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda

x_refsource_MISC

https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-10767

Description

Affected Products

References