Siefr3Dus

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.150 Group-Office versions prior to 25.0.82 Group-Office versions prior to 26.0.5 **Description** An authenticated user with System Administrator privileges can trigger a server-side request forgery (SSRF) through the WOPI service discovery URL. This allows access to internal hosts and ports, and the response body can be exfiltrated using the built-in debug system, resulting in a visible SSRF and enabling full server-side file read. **Recommendations** Update Group-Office to version 6.8.150 or later. Update Group-Office to version 25.0.82 or later. Update Group-Office to version 26.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** Group-Office versions prior to 6.8.150 Group-Office versions prior to 25.0.82 Group-Office versions prior to 26.0.5 **Description** Group-Office is a customer relationship management and groupware tool. The `MaintenanceController` includes a `zipLanguage` action that uses a `lang` parameter directly in a system zip command via the `exec()` function. This can be exploited by uploading a specially crafted zip file, leading to remote code execution. The `lang` parameter is not properly filtered, allowing for command injection. **Recommendations** Update Group-Office to version 6.8.150 or later. Update Group-Office to version 25.0.82 or later. Update Group-Office to version 26.0.5 or later.