Lucene search
SnykCVELIST:CVE-2019-10767HistoryNov 21, 2019 - 4:09 p.m.
CVE-2019-10767
2019-11-2116:09:40
snyk
www.cve.org
0.002 Low
EPSS
Percentile
55.4%
An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like “admin”. It is exploited using the administrative web panel with a request for an adapter file. Note: The attacker has to be logged in if the authentication is enabled (by default isn’t enabled).
CNA Affected
[
{
"product": "iobroker.js-controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 2.0.25"
}
]
}
]Related
veracode
veracode
Directory Traversal
2019-11-22 03:16:26
osv
osv
CVE-2019-10767
2019-11-21 17:15:11
Arbitrary File Write in iobroker.js-controller
2019-12-02 18:06:14
githubexploit
githubexploit
Exploit for Path Traversal in Iobroker Iobroker.Js-Controller
2020-12-01 09:18:57
cve
cve
CVE-2019-10767
2019-11-21 17:15:11
nodejs
nodejs
Arbitrary File Write
2019-11-29 17:54:05
nvd
nvd
CVE-2019-10767
2019-11-21 17:15:11
github
github
Arbitrary File Write in iobroker.js-controller
2019-12-02 18:06:14
prion
prion
Authentication flaw
2019-11-21 17:15:00