Description
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.
References (3)
Core 3
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/weseek/growi
Product, Third Party Advisory x_refsource_misc
https://hub.docker.com/r/weseek/growi/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN94169589/index.html
Scores
CVSS v3
7.5
EPSS
0.0298
EPSS Percentile
85.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
weseek/growi
< 3.8.2
Published
Dec 16, 2020
Tracked Since
Feb 18, 2026