Numberoreo1

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.155 Group-Office versions prior to 25.0.88 Group-Office versions prior to 26.0.10 **Description** Group-Office is a customer relationship management and groupware tool. A reflected cross-site scripting (XSS) issue exists in the GroupOffice installer at the `install/license.php` endpoint. The `license` POST parameter is rendered without proper escaping within a `<textarea>` element, enabling a `</textarea><script>...</script>` breakout. **Recommendations** Update Group-Office to version 6.8.155 or later. Update Group-Office to version 25.0.88 or later. Update Group-Office to version 26.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.155 Group-Office versions prior to 25.0.88 Group-Office versions prior to 26.0.10 **Description** Group-Office is a customer relationship management and groupware tool. A reflected cross-site scripting (XSS) issue exists in the external/index flow. The `f` parameter, which contains Base64 encoded JSON data, is decoded and injected into an inline JavaScript block without proper sanitization. This allows for the injection of `<script>` tags and the execution of arbitrary JavaScript code in a user's browser. The vulnerable parameter is `f`. **Recommendations** Update Group-Office to version 6.8.155 or later. Update Group-Office to version 25.0.88 or later. Update Group-Office to version 26.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 26.0.8 Group-Office versions prior to 25.0.87 Group-Office versions prior to 6.8.153 **Description** The software has a SQL Injection issue that can be exploited through the `advancedQueryData` parameter, specifically the `comparator` field, on an authenticated endpoint. The `index.php?r=email/template/emailSelection` endpoint processes the `advancedQueryData` parameter and incorporates the SQL comparator directly into SQL condition building without proper validation. This allows for blind boolean-based exfiltration of the `core auth password` table. **Recommendations** Update to Group-Office version 26.0.8 or later. Update to Group-Office version 25.0.87 or later. Update to Group-Office version 6.8.153 or later.

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 26.0.9 Group-Office versions prior to 25.0.87 Group-Office versions prior to 6.8.154 **Description** Group-Office is a customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 contain a flaw that allows for authenticated Remote Code Execution through the processing of TNEF attachments. The issue arises because the software extracts files from `winmail.dat` which are controlled by an attacker. The `zip` command is then invoked with a shell wildcard (`*`), allowing attackers to manipulate filenames to execute arbitrary commands. **Recommendations** Update Group-Office to version 26.0.9. Update Group-Office to version 25.0.87. Update Group-Office to version 6.8.154.

**Nome do Software Vulnerável e Versões Afetadas** Group-Office versões anteriores a 6.8.150 Group-Office versões anteriores a 25.0.82 Group-Office versões anteriores a 26.0.5 **Descrição** O Group-Office é uma ferramenta de gestão de relacionamento com o cliente e groupware suscetível à execução remota de código (RCE). O endpoint `/email/message/tnefAttachmentFromTempFile` incorpora diretamente o parâmetro `tmp file`, controlado pelo usuário, em uma chamada da função `exec()`. Um atacante autenticado pode injetar metacaracteres de shell no parâmetro `tmp file`, permitindo a execução de comandos de sistema arbitrários no servidor. **Recomendações** Atualize o Group-Office para a versão 6.8.150 ou posterior. Atualize o Group-Office para a versão 25.0.82 ou posterior. Atualize o Group-Office para a versão 26.0.5 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.150 Group-Office versions prior to 25.0.82 Group-Office versions prior to 26.0.5 **Description** Group-Office is a customer relationship management and groupware tool. The `MaintenanceController` includes a `zipLanguage` action that uses a `lang` parameter directly in a system zip command via the `exec()` function. This can be exploited by uploading a specially crafted zip file, leading to remote code execution. The `lang` parameter is not properly filtered, allowing for command injection. **Recommendations** Update Group-Office to version 6.8.150 or later. Update Group-Office to version 25.0.82 or later. Update Group-Office to version 26.0.5 or later.