CVE-2024-26261
Published 2024-10-14
Priority P3 · 55 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% (47.7th percentile)
The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers can still download arbitrary system files, which may be deleted subsequently.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hgiga | oaklouds | < 1162 | 1162 |
| hgiga | oaklouds-organization-2.0 | < 188 | 188 |
| hgiga | oaklouds-organization-3.0 | < 188 | 188 |
| hgiga | oaklouds-webbase-2.0 | < 1051 | 1051 |
| hgiga | oaklouds-webbase-3.0 | < 1051 | 1051 |
GHSA
GHSA-mr42-8xpc-qj99: The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk
ghsa_unreviewed·2024-10-14·CVSS 9.8
CVE-2024-9924 [CRITICAL] CWE-36 GHSA-mr42-8xpc-qj99: The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk
GHSA
GHSA-5qm7-5w7x-5mcg: The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability
ghsa_unreviewed·2024-02-15
CVE-2024-26261 [CRITICAL] CWE-22 GHSA-5qm7-5w7x-5mcg: The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability
The file download functionality in certain modules of HGiga OAKlouds contains an Arbitrary File Read and Delete vulnerability. Attackers can supply a file path in specific request parameters, allowing them to download the file without logging in. Furthermore, the file is deleted after it has been downloaded.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.