CVE-2026-27832
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on an authenticated endpoint. The endpoint `index.php?r=email/template/emailSelection` processes `advancedQueryData` and forwards the SQL comparator without a strict allowlist into SQL condition building. This enables blind boolean-based exfiltration of the `core_auth_password` table. Versions 26.0.8, 25.0.87, and 6.8.153 fix the issue.
Analysis
SQL injection in Group Office email template selection endpoint allows authenticated attackers to extract sensitive data from the database through the unvalidated comparator parameter in advancedQueryData. An attacker with valid credentials can perform blind boolean-based attacks to exfiltrate password hashes from the core_auth_password table. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Group-Office instances in your environment and document their current versions. Within 7 days: Implement WAF rules to block malicious SQL patterns in the advancedQueryData parameter, restrict access to affected endpoints through network segmentation or IP whitelisting, and disable the advancedQuery feature if operationally feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today