An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2019-11-21T16:09:40
Updated: 2024-08-04T22:32:01.573Z
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10767
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-21T17:15:11.350
Modified: 2019-12-03T19:18:47.347
Link: CVE-2019-10767
Redhat
No data.