Disclosure Date 2021/03/07
CVE-2021-20669
Arbitrary File Read/Delete in GROWI
GROWI におけるパストラバーサル
Credit
stypr (@stereotype32)
Affected-Versions
GROWI: v4.2.2 and earlier
CWE
- CWE-22
Description
An arbitrary path can be read and/or deleted if a remote attacker with administrative privilege sends a specially crafted request
