漏洞描述
Zimbra Collaboration Suite(ZCS)是美国Synacor公司的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。
Zimbra协同办公系统sfdc_preauth.jsp文件存在SSRF漏洞,攻击者可利用漏洞对内网进行端口探测等攻击。
Zimbra Collaboration Suite 协同办公系统 sfdc_preauth.jsp 文件服务器端请求伪造漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2019-9670: Zimbra Collaboration XXE
- POC CVE-2013-7091: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
- POC CVE-2018-14013: Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting
- POC CVE-2019-9670: Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection
- POC CVE-2020-7796: Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
- POC CVE-2022-27926: Zimbra Collaboration (ZCS) - Cross Site Scripting
- POC CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
- POC CVE-2023-34192: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
- POC CVE-2023-37580: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
- POC CVE-2024-45519: Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
- POC CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
- POC CVE-2019-9621: Zimbra Collaboration Suite - SSRF
- POC CVE-2022-24682: Zimbra Collaboration Suite < 8.8.15 - Improper Encoding