The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96 | Third Party Advisory |
| https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96 | Third Party Advisory |
| https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html | Third Party Advisory |
| https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2025, 19:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:hgiga:oaklouds-webbase-2.0:*:*:*:*:*:*:*:* cpe:2.3:a:hgiga:oaklouds-organization-2.0:*:*:*:*:*:*:*:* cpe:2.3:a:hgiga:oaklouds-webbase-3.0:*:*:*:*:*:*:*:* cpe:2.3:a:hgiga:oaklouds-organization-3.0:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CWE | ||
| References | () https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96 - Third Party Advisory | |
| References | () https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html - Third Party Advisory | |
| First Time |
Hgiga
Hgiga oaklouds-organization-3.0 Hgiga oaklouds-organization-2.0 Hgiga oaklouds-webbase-3.0 Hgiga oaklouds-webbase-2.0 |
28 Jun 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
15 Feb 2024, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-15 03:15
Updated : 2025-01-23 19:55
NVD link : CVE-2024-26260
Mitre link : CVE-2024-26260
JSON object : View
Products Affected
hgiga
- oaklouds-organization-2.0
- oaklouds-webbase-3.0
- oaklouds-organization-3.0
- oaklouds-webbase-2.0
CWE
No CWE.