Vulnerabilities > CVE-2021-28060 - Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office 6.4.196

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
group-office
CWE-918

Summary

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.

Vulnerable Configurations

Part Description Count
Application
Group-Office
1

Common Weakness Enumeration (CWE)