CVE-2021-20669

Arbitrary File Read/Delete in GROWI (GROWI におけるパストラバーサル)

An arbitrary path can be read and/or deleted if a remote attacker with administrative privilege sends a specially crafted request

Disclosure Date

2021/03/07

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

CWE-22

Product-URLs

https://growi.org/

Reference