Lucene search
Iobroker Security Vulnerabilities
cve
Characters in the GET url path are not properly escaped and can be reflected in the server...
6.1CVSS
6.2AI Score
0.001EPSS
2019-11-25 11:15 PM
36
cve
An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. Note: The attacker has to be logged in if the authentication is enabled.....
7.5CVSS
7.4AI Score
0.002EPSS
2019-11-21 05:15 PM
38
cve
iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/...
9.8CVSS
9.3AI Score
0.005EPSS
2019-11-20 04:15 PM
40