Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.
https://weseek.co.jp/security/2021/06/14/vulnerability/growi-nosql-ingection/