The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96 | Third Party Advisory |
| https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96 | Third Party Advisory |
| https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html | Third Party Advisory |
| https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2025, 19:56
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| References | () https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96 - Third Party Advisory | |
| References | () https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html - Third Party Advisory | |
| CPE | cpe:2.3:a:hgiga:oaklouds-webbase-2.0:*:*:*:*:*:*:*:* cpe:2.3:a:hgiga:oaklouds-organization-2.0:*:*:*:*:*:*:*:* cpe:2.3:a:hgiga:oaklouds-webbase-3.0:*:*:*:*:*:*:*:* cpe:2.3:a:hgiga:oaklouds-organization-3.0:*:*:*:*:*:*:*:* |
|
| First Time |
Hgiga
Hgiga oaklouds-organization-3.0 Hgiga oaklouds-organization-2.0 Hgiga oaklouds-webbase-3.0 Hgiga oaklouds-webbase-2.0 |
|
| CWE |
28 Jun 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
15 Feb 2024, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-15 03:15
Updated : 2025-01-23 19:56
NVD link : CVE-2024-26261
Mitre link : CVE-2024-26261
JSON object : View
Products Affected
hgiga
- oaklouds-organization-2.0
- oaklouds-webbase-3.0
- oaklouds-organization-3.0
- oaklouds-webbase-2.0
CWE
No CWE.