Directory Traversal Vulnerability in GROWI Allows Remote Data Alteration via Specially Crafted File Upload

Directory Traversal Vulnerability in GROWI Allows Remote Data Alteration via Specially Crafted File Upload

CVE-2020-5683 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.

Learn more about our Web Application Penetration Testing UK.