Disclosure Date 2021/03/07
CVE-2021-20671
Remote Code Execution in GROWI
GROWIのリモートコード実行
Credit
stypr (@stereotype32)
Affected-Versions
- 4.2.2 and earlier
CWE
CWE-20
Description
Invalid file validation on the upload feature allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution