CVE-2019-10765

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory...

Arbitrary File Write in iobroker.admin

Versions of iobroker.admin prior to 3.6.12 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended folder in the /log/ route, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform...

Arbitrary File Write

Overview Versions of iobroker.admin prior to 3.6.12 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended folder in the /log/ route, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated t...

CVE-2019-10765

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory...

CVE-2019-10765

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory...

Directory traversal

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory...

CVE-2019-10765

iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory...