2 matches found
CVE-2023-46730 Server-Side Request Forgery in groupoffice
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery SSRF vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to...
CVE-2023-46730
CVE-2023-46730 (Group-Office) : A full Server-Side Request Forgery (SSRF) vulnerability exists in the /api/upload.php endpoint of Group-Office. The endpoint does not filter URLs, allowing an attacker to cause the server to fetch resources from untrusted domains, with possible access to local disk...