CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-28060

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.6%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html
https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/
https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html
https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/

Products affected by CVE-2021-28060

Group-Office » Group Office » Version: 6.4.196

cpe:2.3:a:group-office:group_office:6.4.196

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-28060

Products

Pricing

Contact Us