Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`
Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0.90, and 26.0.12.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Group Office 代码问题漏洞
Vulnerability Description
Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 6.8.156之前版本、25.0.90之前版本和26.0.12之前版本存在代码问题漏洞,该漏洞源于AbstractSettingsCollection模型存在不安全的反序列化,可能导致任意文件写入和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A