← Back

CVE-2024-26260

nvd nist
Published: Feb 15, 2024Modified: Jan 23, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: twcert@cert.org.tw (Secondary)

Description

The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.

Affected (4)

Hgiga
4 products
Oaklouds Organization 2.0
Oaklouds Organization 3.0
Oaklouds Webbase 2.0
Oaklouds Webbase 3.0
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Oaklouds Organization 2.0
Before 188
Oaklouds Organization 3.0
Before 188
Oaklouds Webbase 2.0
Before 1051
Oaklouds Webbase 3.0
Before 1051

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: twcert@cert.org.tw
Third Party Advisory
Source: twcert@cert.org.tw
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.