Disclosure Date 2021/03/07

CVE-2021-20668

Arbitrary File Read in GROWI

GROWI のパストラバーサル

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

CWE-22

Description

An arbitrary path can be read if a remote attacker with administrative privilege accesses the affected product via a specially crafted URL

Product-URLs

https://growi.org/

Reference