Disclosure Date 2021/03/07

CVE-2021-20668

Arbitrary File Read in GROWI

GROWIのパストラバーサル

Credit

stypr (@stereotype32)

Affected-Versions

4.2.2 and earlier

CWE

CWE-22

Description

An arbitrary path can be read if a remote attacker with administrative privilege accesses the affected product via a specially crafted URL

Product-URLs

https://growi.org/

Reference