cve/2023/CVE-2023-46730.md

### [CVE-2023-46730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46730)
![](https://img.shields.io/static/v1?label=Product&message=groupoffice&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%206.3.0%2C%20%3C%206.6.177%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)

### Description

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.

### POC

#### Reference
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-46730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46730)`
			`![](https://img.shields.io/static/v1?label=Product&message=groupoffice&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%206.3.0%2C%20%3C%206.6.177%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)`

			`### Description`

			Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.

			`### POC`

			`#### Reference`
			`- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv`

			`#### Github`
			`No PoCs found on GitHub currently.`