Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Group-Office Argument Injection in MaintenanceController::actionZipLanguage
Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec(). This can be combined with uploading a crafted zip file to achieve remote code execution. This vulnerability is fixed in 6.8.150, 25.0.82, and 26.0.5.
CVSS Information
N/A
Vulnerability Type
参数注入或修改
Vulnerability Title
Group Office 参数注入漏洞
Vulnerability Description
Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 6.8.150之前版本、25.0.82之前版本和26.0.5之前版本存在参数注入漏洞,该漏洞源于lang参数直接传递给系统命令,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A