NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
https://weseek.co.jp/security/2021/06/14/vulnerability/growi-nosql-ingection/