Disclosure Date 2021/03/07
CVE-2021-20671
Remote Code Execution in GROWI
GROWI における不適切な入力検証
Credit
stypr (@stereotype32)
Affected-Versions
GROWI: v4.2.2 and earlier
CWE
- CWE-20
Description
Invalid file validation on the upload feature allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution