VYPR

HGiga OAKlouds

by HGiga OAKlouds

CVEs (2)

  • CVE-2024-26261CriFeb 15, 2024
    risk 0.64cvss 9.8epss 0.01

    The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted…

  • CVE-2024-26260CriFeb 15, 2024
    risk 0.64cvss 9.8epss 0.02

    The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without…