Disclosure Date 2021/03/07

CVE-2021-20671

Remote Code Execution in GROWI

GROWI における不適切な入力検証

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

CWE-20

Description

Invalid file validation on the upload feature allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution

Product-URLs

https://growi.org/

Reference

https://jvn.jp/en/vu/JVNVU94889258/index.html
https://nvd.nist.gov/vuln/detail/CVE-2021-20671
https://weseek.co.jp/security/2021/03/08/vulnerability/growi-prevent-multiple-xss/
https://www.youtube.com/watch?v=EGxHCCsaphk

Back

CVE-2021-20671

Credit

Affected-Versions

CWE

Description

Product-URLs

Reference

会社情報

サービス紹介

お問い合わせ