A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote malicious user to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
Vulmon