CVE-2024-26260

critical

Description

The synchronization functionality in certain modules of HGiga OAKlouds has an OS Command Injection vulnerability that allows remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.

References

https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html

https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96

Details

Source: Mitre, NVD

Published: 2024-02-15

Updated: 2024-06-28

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical