polkaman

## txt

CVE-2019-13337

    [Description]
    In WESEEK GROWI before 3.5.0, the site-wide basic authentication can
    be bypassed by adding a URL parameter access_token (this is the
    parameter used by the API). No valid token is required since it is not
    validated by the backend. The website can then be browsed as if no
    basic authentication is required.

	CVE-2019-13337

	[Description]
	In WESEEK GROWI before 3.5.0, the site-wide basic authentication can
	be bypassed by adding a URL parameter access_token (this is the
	parameter used by the API). No valid token is required since it is not
	validated by the backend. The website can then be browsed as if no
	basic authentication is required.