Hgiga: >> Oaklouds-Webbase-2.0 Security Vulnerabilities
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-15
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
CVSS Score
9.8
EPSS Score
0.02
Published
2024-02-15