Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Group-Office Vulnerable to Remote Code Execution (RCE)
Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`). Because extracted filenames are attacker-controlled, they can be interpreted as `zip` options and lead to arbitrary command execution. Versions 26.0.9, 25.0.87, and 6.8.154 fix the issue.
CVSS Information
N/A
Vulnerability Type
参数注入或修改
Vulnerability Title
Group Office 代码问题漏洞
Vulnerability Description
Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 26.0.9之前版本、25.0.87之前版本和6.8.154之前版本存在代码问题漏洞,该漏洞源于TNEF附件处理流程存在缺陷,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A