2 matches found
CVE-2021-20669
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL...
CVE-2021-20669
GROWI (WESEEK) before version 4.2.20 is affected by CVE-2021-20669, a path traversal vulnerability. An attacker with administrator rights can read and/or delete arbitrary files by sending a specially crafted URL to GROWI 4.2.2 and earlier. The issue stems from improper path handling in requests, ...