CVE-2021-20668

Arbitrary File Read in GROWI (GROWI のパストラバーサル)

An arbitrary path can be read if a remote attacker with administrative privilege accesses the affected product via a specially crafted URL

Disclosure Date

2021/03/07

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

CWE-22

Product-URLs

https://growi.org/

Reference