ioBroker.js-controller is vulnerable to directory traversal. An attacker is able to include file contents from outside of the /adapter/
directory via the administrative web panel using a request for an adapter file containing the ../
characters in the file name. Authentication is not enabled by default and allows unauthenticated access to the administrative web panel.