In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Authorization Bypass Through User-Controlled Key vulnerabilities in an interactive lesson.
Start learningUpgrade egroupware/egroupware to version 23.1.20260224, 26.2.20260224 or higher.
egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper authorization checks in the ajax_upload function and insufficient validation of user-controlled input. An attacker can execute arbitrary code on the server by bypassing access controls, uploading malicious files to sensitive locations, and leveraging arbitrary file read and write capabilities to inject code into critical configuration files. This can lead to full system compromise, including modification of administrative credentials and persistent access. This is only exploitable if user self-registration is enabled or the attacker has valid credentials.