Hgiga Oaklouds vulnerabilities
3 known vulnerabilities affecting hgiga/oaklouds.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-26260P2CRITICALCVSS 9.8≥ earlier, < 188≥ earlier, < 10512024-02-15
CVE-2024-26260 [CRITICAL] CWE-78 CVE-2024-26260: The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injectio
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
nvd
CVE-2024-26261P3CRITICALCVSS 9.8fixed in 11622024-02-15
CVE-2024-26261 [CRITICAL] CWE-22 CVE-2024-26261: The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Re
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
nvd
CVE-2022-38118P3HIGHCVSS 8.8≥ unspecified, ≤ OAKlouds-mol_metting-2.0-1632022-08-30
CVE-2022-38118 [HIGH] CWE-89 CVE-2022-38118: OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.
nvd