Disclosure Date 2021/03/07

CVE-2021-20669

Arbitrary File Read/Delete in GROWI

GROWIのパストラバーサル

Credit

stypr (@stereotype32)

Affected-Versions

  • 4.2.2 and earlier

CWE

CWE-22

Description

An arbitrary path can be read and/or deleted if a remote attacker with administrative privilege sends a specially crafted request

Product-URLs

https://growi.org/

Back