Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weseek growi vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-20736
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote malicious user to obtain and/or alter the information stored in the database via unspecified vectors.
Weseek Growi
8.8
CVSSv3
CVE-2019-5968
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and previous versions allows remote malicious users to hijack the authentication of administrators via updating user's 'Basic Info'.
Weseek Growi
7.5
CVSSv3
CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key
Weseek Growi
7.5
CVSSv3
CVE-2021-20670
Improper access control vulnerability in GROWI versions v4.2.2 and previous versions allows a remote unauthenticated malicious user to read the user's personal information and/or server's internal information via unspecified vectors.
Weseek Growi
7.5
CVSSv3
CVE-2020-5682
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and previous versions GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and...
Weseek Growi
7.5
CVSSv3
CVE-2020-5683
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and previous versions GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 se...
Weseek Growi
7.5
CVSSv3
CVE-2020-5676
GROWI v4.1.3 and previous versions allow remote malicious users to obtain information which is not allowed to access via unspecified vectors.
Weseek Growi
7.5
CVSSv3
CVE-2019-13337
In WESEEK GROWI prior to 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic a...
Weseek Growi
7.5
CVSSv3
CVE-2019-13338
In WESEEK GROWI prior to 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field.
Weseek Growi
7.2
CVSSv3
CVE-2021-20671
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.
Weseek Growi 4.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »