Disclosure Date 2021/03/07
CVE-2021-20668
Arbitrary File Read in GROWI
GROWIのパストラバーサル
Credit
stypr (@stereotype32)
Affected-Versions
- 4.2.2 and earlier
CWE
CWE-22
Description
An arbitrary path can be read if a remote attacker with administrative privilege accesses the affected product via a specially crafted URL