VYPR
High severity7.5NVD Advisory· Published Nov 21, 2019· Updated Jun 17, 2026

CVE-2019-10767

CVE-2019-10767

Description

An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. Note: The attacker has to be logged in if the authentication is enabled (by default isn't enabled).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
iobroker.js-controllernpm
< 2.0.252.0.25

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.