2 matches found
GHSA-CMCH-296J-WFVW Arbitrary File Write in iobroker.js-controller
Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the...
Directory Traversal
ioBroker.js-controller is vulnerable to directory traversal. An attacker is able to include file contents from outside of the /adapter/ directory via the administrative web panel using a request for an adapter file containing the ../ characters in the file name. Authentication is not enabled by...