2 matches found
CVE-2019-13337
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter accesstoken this is the parameter used by the API. No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is...
CVE-2019-13337
WESEEK GROWI prior to 3.5.0 is affected. A flaw in site-wide basic authentication allows bypass by supplying the URL parameter access_token (the API parameter). No valid token is validated by the backend, enabling the website to be browsed as if authentication were not required. The core issue is...