Server-Side Request Forgery (SSRF) Vulnerability in Group-Office's /api/upload.php Endpoint

Server-Side Request Forgery (SSRF) Vulnerability in Group-Office's /api/upload.php Endpoint

CVE-2023-46730 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Learn more about our Cis Benchmark Audit For Microsoft Office.