In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade egroupware/egroupware to version 23.1.20260601, 26.4.20260413 or higher.
egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office.
Affected versions of this package are vulnerable to Eval Injection via the expand_name function. An attacker can execute arbitrary OS commands by uploading a specially crafted eTemplate XML file containing malicious widget attribute values, which are processed with insufficient sanitization and passed to a PHP eval() call. This is only exploitable if the attacker has admin privileges and the PHP configuration does not have disable_functions set to block shell execution functions.