Disclosure Date 2021/03/07
CVE-2021-20669
Arbitrary File Read/Delete in GROWI
GROWIのパストラバーサル
Credit
stypr (@stereotype32)
Affected-Versions
- 4.2.2 and earlier
CWE
CWE-22
Description
An arbitrary path can be read and/or deleted if a remote attacker with administrative privilege sends a specially crafted request