CVE-2021-20671

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
10/03/2021
Last modified:
17/03/2021

Description

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:weseek:growi:4.2.2:*:*:*:*:*:*:*