Iobroker: >> Iobroker.js-Controller >> 0.14.0 Security Vulnerabilities
An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled).
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-21