Advisories for Npm/Iobroker.js-Controller package

An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like admin. It is exploited using the administrative web panel with a request for an adapter file.