CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-26260

The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.02

EPSS Ranking 82.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96
https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html
https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96
https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html

Products affected by CVE-2024-26260

Hgiga » Oaklouds-Organization-2.0 » Version: N/A

cpe:2.3:a:hgiga:oaklouds-organization-2.0:-
Hgiga » Oaklouds-Organization-3.0 » Version: N/A

cpe:2.3:a:hgiga:oaklouds-organization-3.0:-
Hgiga » Oaklouds-Webbase-2.0 » Version: N/A

cpe:2.3:a:hgiga:oaklouds-webbase-2.0:-
Hgiga » Oaklouds-Webbase-3.0 » Version: N/A

cpe:2.3:a:hgiga:oaklouds-webbase-3.0:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-26260

Products

Pricing

Contact Us